Folks-
Recently I have noticed *a bunch* of work in the measurement
community on identifying the application that generated some flow by
watching the torrent of traffic. These techniques go beyond
port-based identification to look for traffic that - for whatever
reason - uses non-standard ports. There are numerous applications
of such techniques, from setting policy to looking for malicious
intruders. I have pitched the idea of an IRTF IMRG workshop on this
topic to a few people and they generally seem receptive. I would
like to hold a bar BOF on Wed night of IETF week (Jul/12) at 2230 to
chat with folks who are interested in some unstructured kibitzing on
the topic.
(The time is sort of the best I can do ... I hate the current IETF
schedule. If you want to chat with me about this at another time,
just drop me a note and we can likely find a few minutes.)
allman
(IMRG chair)
pgpZr7LH7IbqX.pgp
Description: PGP signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf