[127199] in North American Network Operators' Group
Re: PCAP Sanitization Tool
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu Jun 17 16:53:23 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <98375.1276782411@localhost>
Date: Thu, 17 Jun 2010 06:49:55 -0700
To: Valdis.Kletnieks@vt.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 17, 2010, at 6:46 51AM, Valdis.Kletnieks@vt.edu wrote:
> On Wed, 16 Jun 2010 18:37:01 PDT, Steven Bellovin said:
>> What's your threat model? In general, proper anonymization of packet
>> trace data is very hard.
>
> I'll go out on a limb and point out that a large chunk of the difficulty is
> because every protocol has had to invent its own hack-arounds for working
> across a NAT. The resulting lack of standardization making things like
> Wireshark protocol examinations and sanitizing capture data is one of the less
> well-known reasons why NATs are evil.
My complaints are at a deeper level -- even without that, it's really hard.
--Steve Bellovin, http://www.cs.columbia.edu/~smb