RE: [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-measure-04.txt
"David B Harrington" <dbharrington@comcast.net> Mon, 19 May 2008 13:16 UTC
Received: from QMTA02.emeryville.ca.mail.comcast.net (qmta02.emeryville.ca.mail.comcast.net [76.96.30.24]) by bierator.ibr.cs.tu-bs.de (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id m4JDG3Mh008908 for <nmrg@ibr.cs.tu-bs.de>; Mon, 19 May 2008 15:16:08 +0200
Received: from OMTA11.emeryville.ca.mail.comcast.net ([76.96.30.36]) by QMTA02.emeryville.ca.mail.comcast.net with comcast id TPZ91Z01D0mlR8UA206r00; Mon, 19 May 2008 13:15:56 +0000
Received: from Harrington73653 ([24.128.66.199]) by OMTA11.emeryville.ca.mail.comcast.net with comcast id TRFq1Z0024HwxpC8X00000; Mon, 19 May 2008 13:15:52 +0000
X-Authority-Analysis: v=1.0 c=1 a=zOsyX00C8WEA:10 a=1Im-IAa9KzAA:10 a=Lb1g3DJAFA9zFMzVLIoA:9 a=Fn906MrGOBrDZp-6CbwA:7 a=W1aYemK4AHE_IdzZMNnquqwlh6kA:4 a=si9q_4b84H0A:10 a=hPjdaMEvmhQA:10 a=gJcimI5xSWUA:10
From: David B Harrington <dbharrington@comcast.net>
To: "'Karen R. Sollins'" <sollins@csail.mit.edu>, j.schoenwaelder@jacobs-university.de
References: <p06240840c44e32552b6b@[18.26.0.27]><20080516122042.GA19275@elstar.local> <p06240404c456a78f0f60@[192.168.1.105]>
Subject: RE: [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-measure-04.txt
Date: Mon, 19 May 2008 09:15:49 -0400
Message-ID: <08cb01c8b9b2$7669edb0$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <p06240404c456a78f0f60@[192.168.1.105]>
Thread-Index: Aci5Zi1tRdPfaR5BRt+zXUW2WP/OSgASdrBA
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-IBRFilter-SpamReport: 3.602 (***) BAYES_50, DNS_FROM_RFC_POST, RCVD_IN_SORBS_DUL
X-Scanned-By: MIMEDefang 2.51 on 134.169.34.9
Cc: 'Internet Research Steering Group' <irsg@isi.edu>, nmrg@ibr.cs.tu-bs.de
X-BeenThere: nmrg@ibr.cs.tu-bs.de
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Network Management Research Group <nmrg.ibr.cs.tu-bs.de>
List-Unsubscribe: <https://mail.ibr.cs.tu-bs.de/mailman/listinfo/nmrg>, <mailto:nmrg-request@ibr.cs.tu-bs.de?subject=unsubscribe>
List-Archive: <http://mail.ibr.cs.tu-bs.de/pipermail/nmrg>
List-Post: <mailto:nmrg@ibr.cs.tu-bs.de>
List-Help: <mailto:nmrg-request@ibr.cs.tu-bs.de?subject=help>
List-Subscribe: <https://mail.ibr.cs.tu-bs.de/mailman/listinfo/nmrg>, <mailto:nmrg-request@ibr.cs.tu-bs.de?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2008 13:16:12 -0000
> -----Original Message----- > From: nmrg-bounces@ibr.cs.tu-bs.de > [mailto:nmrg-bounces@ibr.cs.tu-bs.de] On Behalf Of Karen R. Sollins > Sent: Monday, May 19, 2008 12:05 AM > To: j.schoenwaelder@jacobs-university.de; Karen R. Sollins > Cc: Internet Research Steering Group; nmrg@ibr.cs.tu-bs.de > Subject: [nmrg] Re: [IRSG] review of > draft-irtf-nmrg-snmp-measure-04.txt > [...] > >> 3. Next paragraph: this is where the location question arises. > >> Without some completely standardized and self explanatory > capturing > >> of location information, any data set will be incomparable to any > >> other. > > > >I expanded "where the trace was collected" to "where the trace was > >collected (name of the network and/or name of the organization owning > >the network, description of the measurement point in the network > >topology where the trace was collected)". > > Good. > I think something should be said that this information could be used by an attacker (especially an attacker internal to the organization) to decide/pinpoint where and how to attack. This information might need to be anonymized, although that would seem to defeat the purpose of having the information. I don't really know what to suggest here other than to raise the point in the security considerations that such location information might be sensitive, and could aid an attacker. Personally, I do not know that one needs to know the organization and the network within the organization unless you are planning to do regression testing or correlating the data with information available via other means. To compare the data with data sets from different networks, then I think the measurement point in the network topology and knowing the network topology is far more important (and unlikely to be available). Given the dynamic nature of network topologies, especially in any sort of virtualized environment (Virtual LANs, routers, servers, etc.), I doubt any data set even from the same network is likely to be directly comparable over time unless an attempt is made to make the data collections directly comparable by deliberately not changing the topology. I think a statement to that effect might be more useful to those doing analyses than adding organization/network information. David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com
- [nmrg] RE: [IRSG] review of draft-irtf-nmrg-snmp-… Bert Wijnen - IETF
- [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-… Juergen Schoenwaelder
- RE: [nmrg] Re: [IRSG] review of draft-irtf-nmrg-s… David B Harrington
- Re: [nmrg] Re: [IRSG] review of draft-irtf-nmrg-s… Juergen Schoenwaelder
- [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-… Karen R. Sollins
- RE: [nmrg] Re: [IRSG] review of draft-irtf-nmrg-s… David B Harrington
- [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-… Juergen Schoenwaelder
- [nmrg] RE: [IRSG] review of draft-irtf-nmrg-snmp-… Bert Wijnen - IETF
- [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-… Karen R. Sollins
- [nmrg] Re: [IRSG] review of draft-irtf-nmrg-snmp-… Juergen Schoenwaelder
- [nmrg] review of draft-irtf-nmrg-snmp-measure-04.… Karen R. Sollins
- RE: [nmrg] draft-irtf-nmrg-snmp-measure-05.txt no… Medhi, Deep
- [nmrg] draft-irtf-nmrg-snmp-measure-05.txt now mo… Bert Wijnen - IETF