Monday, July 17, 2006

OpenPacket.org Update

It's been a very long time since I've said anything about OpenPacket.org at my TaoSecurity Blog. Although I am no closer to launching OpenPacket.org, I thought I would explain what's been happening. In short, I announced the project two months after starting my own company, TaoSecurity. Since then I have been exceedingly busy doing the business and technical work of running an independent consultancy, as well as being a real person in the non-security world.

I would still like to get OpenPacket.org going, but at the moment I have had no concrete offers of help with creating the site. Around the beginning of the project there was a possibility of corporate development and hosting support, but that fell through due to concerns over ownership. I became concerned the project would end up the intellectual property of a big company when the potential partner announced acquisition plans.

Several people have promised to contribute traces, but actually building a Web site with the necessary infrastructure and back end is still a problem I am being forced to solve. That would be ok if I had any experience in Web development, but I don't. Therefore, OpenPacket.org will not launch until I figure out how to build it. I have considered hiring a developer, but I am not sure if I could raise enough money to pay for the project. Ongoing maintenance might also be an issue.

If you have any thoughts on this matter, please feel free to post them below. Thank you.

4 comments:

Ish said...

Is a site infrastructure really required? Could a forum-based system where people upload their traces and comment on them work?

Perhaps some moderation to keep the junk out?

Richard Bejtlich said...

I would like the content to be organized and searchable. I'm not sure a forum would be sufficient, although a forum to discuss each trace would definitely be a good idea.

Tim said...

What might work best for this initiative, given the amount of data involved, might be to organize it around a BitTorrent tracker. Then the hosting isn't quite as much of an issue as if you were planning to host and serve terabytes of traces directly, and I believe there are open-source server codebases for trackers kicking around - which would give you a good starting point. The ones I've seen also seem to support a significant amount of metadata, which would let users search on at least some information. You'd just need a few people with decent bandwidth to help seed the traces.

Richard Bejtlich said...

Good idea, Tim. I remember the Shmoo Group using this idea to host their Def Con traces. At worst it ends up being like FTP if only one host is available to seed it.