I know that this subject has been debated for a long time and that we
could not reach a compromise.
MHO, the current family set sucks, mostly because it mixes several
things:
- effects, like "denial of service" or "gain root"
- target protocols, like "finger" or "RPC",
- target OS, like "windows"
- including the infamous "general" and "misc."
This kind of mixing is hard to avoid, but I suggest that we choose a
main "classification" and try to minimize the exceptions.
I think (but you are allowed to disagree :) that targets (protocols
and OS) are the best classification.
Effects should be avoided, except "Denial of service" maybe, although it
could better be handled by a more subtle "safe_checks" (instead of a
simple flag, we could have "all", "all but DoS", "non intrusive /
safe_checks")
Things like "service identifications" could be in a special family,
because we already have many of them and I plan to split find_services
into small pieces.
Comments?
--
arboi@alussinan.org http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/