On Fri, 10 Mar 2000 07:39:53 +0300, Musandu
<musandu(_at_)arcc(_dot_)or(_dot_)ke> said:
This database if created would be a one stop shopping point for "hackers" to
test their theories because it would most likely be configured to meet the
standards that are advocated within it (even if the IETF was to run it under
some TCP/IP reason).
Umm.. the hackers already *have* one-stop shopping, at a number
of places. When did www.rootshell.com open for business? ;)
I've appended the abstract of a possibly-relevant I-D, which I haven't
read yet because I've been up to my ears in other stuff... ;)
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Title : Intrusion Detection Message Exchange Format Comparison
of SMI and XML Implementations
Author(s) : G. Mansfield, D. Curry
Filename : draft-mansfield-curry-idmef-xmlsmi-01.txt
Pages : 26
Date : 06-Mar-00
The purpose of the Intrusion Detection Message Exchange Format
(IDMEF) is to define data formats and exchange procedures for sharing
information of interest to intrusion detection and response systems,
and to the management systems which may need to interact with them.
The goals and requirements of the IDMEF are described in [3].
Two implementations of the IDMEF data format have been proposed: one
using the Structure of Management Information (SMI) to describe an
SNMP MIB, and the other using a Document Type Definition (DTD) to
describe XML documents. Both representations appear to have their
good and bad traits, and deciding between them is difficult.
To arrive at an informed decision, the working group tasked the
authors to identify and analyze the pros and cons of both approaches,
and present the results in the form of an Internet-Draft.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-mansfield-curry-idmef-xmlsmi-01.txt