Merge branch 'master' of https://github.com/D4-project/architecture
commit
c5cab0633f
Binary file not shown.
|
@ -58,6 +58,119 @@
|
|||
\includegraphics[scale=0.38]{d4-overview.pdf}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}[t]{Common Output Format}
|
||||
\begin{itemize}
|
||||
\item {\bf Consistent naming of fields across Passive DNS software} based on the most common Passive DNS implementations
|
||||
\item Minimal set of fields to be supported
|
||||
\item Minimal set of optional fields to be supported
|
||||
\item Way to add "additional" fields via a simple registry mechanism (IANA-like)
|
||||
\item Simple and easily parsable format
|
||||
\item A gentle reminder regarding privacy aspects of Passive DNS
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}[t,fragile]{Sample output www.terena.org}
|
||||
\lstdefinelanguage{JavaScript}{
|
||||
keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
|
||||
keywordstyle=\color{blue}\bfseries,
|
||||
ndkeywords={class, export, boolean, throw, implements, import, this},
|
||||
ndkeywordstyle=\color{darkgray}\bfseries,
|
||||
identifierstyle=\color{black},
|
||||
sensitive=false,
|
||||
comment=[l]{//},
|
||||
morecomment=[s]{/*}{*/},
|
||||
commentstyle=\color{purple}\ttfamily,
|
||||
stringstyle=\color{red}\ttfamily,
|
||||
morestring=[b]',
|
||||
morestring=[b]"
|
||||
}
|
||||
|
||||
\lstset{
|
||||
language=JavaScript,
|
||||
backgroundcolor=\color{lightgray},
|
||||
extendedchars=true,
|
||||
basicstyle=\footnotesize\ttfamily,
|
||||
showstringspaces=false,
|
||||
showspaces=false,
|
||||
numbers=left,
|
||||
numberstyle=\footnotesize,
|
||||
numbersep=9pt,
|
||||
tabsize=2,
|
||||
breaklines=true,
|
||||
showtabs=false,
|
||||
captionpos=b
|
||||
}
|
||||
\lstset{breaklines=true, language=JavaScript}
|
||||
\begin{lstlisting}
|
||||
{"count": 868, "time_first": 1298398002, "rrtype": "A", "rrname": "www.terena.org", "rdata": "192.87.30.6", "time_last": 1383124252}
|
||||
{"count": 89, "time_first": 1383729690, "rrtype": "CNAME", "rrname": "www.terena.org", "rdata": "godzilla.terena.org", "time_last": 1391517643}
|
||||
{"count": 110, "time_first": 1298398002, "rrtype": "AAAA", "rrname": "www.terena.org", "rdata": "2001:610:148:dead::6", "time_last": 136670845}
|
||||
\end{lstlisting}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}[t]{Mandatory fields}
|
||||
\begin{itemize}
|
||||
\item \textbf{rrname} : name of the queried resource records
|
||||
\begin{itemize}
|
||||
\item JSON String
|
||||
\end{itemize}
|
||||
\item \textbf{rrtype} : resource record type
|
||||
\begin{itemize}
|
||||
\item JSON String (interpreted type of resource type if known)
|
||||
\end{itemize}
|
||||
\item \textbf{rdata} : resource records of the query(ied) resource(s)
|
||||
\begin{itemize}
|
||||
\item JSON String or an array of string if more than one unique triple
|
||||
\end{itemize}
|
||||
\item \textbf{time\_first} : first time that the resource record triple (rrname, rrtype, rdata) was seen
|
||||
\item \textbf{time\_last} : last time that the resource record triple (rrname, rrtype, rdata) was seen
|
||||
\begin{itemize}
|
||||
\item JSON Number (epoch value) UTC TZ
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}[t]{Optional fields}
|
||||
\begin{itemize}
|
||||
\item \textbf{count} : how many authoritative DNS answers were received by the Passive DNS collector
|
||||
\begin{itemize}
|
||||
\item JSON Number
|
||||
\end{itemize}
|
||||
\item \textbf{bailiwick} : closest enclosing zone delegated to a nameserver served in the zone of the resource records
|
||||
\begin{itemize}
|
||||
\item JSON String
|
||||
\end{itemize}
|
||||
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}[t]{Additionals fields}
|
||||
\begin{itemize}
|
||||
\item \textbf{sensor\_id} : Passive DNS sensor information
|
||||
\begin{itemize}
|
||||
\item JSON String
|
||||
\end{itemize}
|
||||
\item \textbf{zone\_time\_first} : specific first/last time seen when imported from a master file
|
||||
\item \textbf{zone\_time\_last}
|
||||
\begin{itemize}
|
||||
\item JSON Number
|
||||
\end{itemize}
|
||||
\item Additional fields can be requested via \url{https://github.com/adulau/pdns-qof/wiki/Additional-Fields}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}[t]{Future}
|
||||
\begin{itemize}
|
||||
\item {\bf Mixing models for passive DNS stream} (for privacy) in next version of D4 core server
|
||||
\item Interconnecting private D4 sensor networks with other D4 sensor networks (sharing to partners filtered stream)
|
||||
\item Previewing dataset collected in D4 sensor network and providing {\bf open data stream} (if contributor agrees to share under specific conditions)
|
||||
\end{itemize}
|
||||
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute}
|
||||
\begin{itemize}
|
||||
|
|
Loading…
Reference in New Issue