[127198] in North American Network Operators' Group


Re: PCAP Sanitization Tool

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jun 17 16:53:22 2010

To: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: Your message of "Wed, 16 Jun 2010 18:37:01 PDT."
	<5662AC9E-A0B7-4252-8782-C16AB94D21C2@cs.columbia.edu>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 17 Jun 2010 09:46:51 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, 16 Jun 2010 18:37:01 PDT, Steven Bellovin said:
> What's your threat model?  In general, proper anonymization of packet
> trace data is very hard.

I'll go out on a limb and point out that a large chunk of the difficulty is
because every protocol has had to invent its own hack-arounds for working
across a NAT. The resulting lack of standardization making things like
Wireshark protocol examinations and sanitizing capture data difficult is one
of the less well-known reasons why NATs are evil.

I'll cut FTP some slack - it dates back *so* far we can legitimately
say we just didn't know any better way back in the Stone Age. ;)

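The FTP case mentioned in the message above, as an added example that is not part of the original post: a sanitizer that rewrites only IP headers leaves the real addresses readable in the FTP control payload (PORT, the 227 PASV reply, EPRT). The record layout, the `Pseudonymizer` class and the 203.0.113.0/24 mapping are assumptions made for illustration, and the sample records are constructed.

```python
import re

# Constructed sample: (src, dst, TCP payload) records from an FTP control channel.
SAMPLE = [
    ("10.1.2.3", "198.51.100.7", b"PORT 10,1,2,3,19,137\r\n"),
    ("198.51.100.7", "10.1.2.3", b"227 Entering Passive Mode (198,51,100,7,195,80)\r\n"),
    ("10.1.2.3", "198.51.100.7", b"EPRT |1|10.1.2.3|5001|\r\n"),
]

class Pseudonymizer:
    """Consistent 1:1 mapping into 203.0.113.0/24 (hypothetical scheme, <= 254 hosts)."""
    def __init__(self):
        self.table = {}
    def map(self, ip):
        if ip not in self.table:
            self.table[ip] = "203.0.113.%d" % (len(self.table) + 1)
        return self.table[ip]

# h1,h2,h3,h4 followed by p1,p2: the form used by PORT and the 227 reply (RFC 959).
COMMA_QUAD = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?=,\d{1,3},\d{1,3})")
# EPRT |1|addr|port| (RFC 2428); only the IPv4 form is handled here.
EPRT = re.compile(rb"(?<=\|1\|)(\d{1,3}(?:\.\d{1,3}){3})(?=\|)")

def headers_only(records, pz):
    # Rewrites src/dst but passes the payload through untouched.
    return [(pz.map(s), pz.map(d), p) for s, d, p in records]

def headers_and_ftp(records, pz):
    # Rewrites src/dst and the addresses FTP carries inside the payload.
    def quad(m):
        return pz.map(b".".join(m.groups()).decode()).replace(".", ",").encode()
    def eprt(m):
        return pz.map(m.group(1).decode()).encode()
    out = []
    for s, d, p in records:
        p = EPRT.sub(eprt, COMMA_QUAD.sub(quad, p))
        out.append((pz.map(s), pz.map(d), p))
    return out

def leaked(records, real_ips):
    """Real addresses still present in any payload, dotted or comma notation."""
    hits = set()
    for _, _, p in records:
        for ip in real_ips:
            if ip.encode() in p or ip.replace(".", ",").encode() in p:
                hits.add(ip)
    return hits
```

Running `leaked()` over a sanitized trace with the known internal addresses is a quick release check; it covers only FTP's encodings, and other NAT-traversing protocols need their own patterns.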


