Folks- Recently I have noticed *a bunch* of work in the measurement community on identifying the application that generated some flow by watching the torrent of traffic. These techniques go beyond port-based identification to look for traffic that - for whatever reason - uses non-standard ports. There are numerous applications of such techniques, from setting policy to looking for malicious intruders. I have pitched the idea of an IRTF IMRG workshop on this topic to a few people and they generally seem receptive. I would like to hold a bar BOF on Wed night of IETF week (Jul/12) at 2230 to chat with folks who are interested in some unstructured kibitzing on the topic. (The time is sort of the best I can do ... I hate the current IETF schedule. If you want to chat with me about this at another time, just drop me a note and we can likely find a few minutes.) allman (IMRG chair)
Attachment:
pgpqE1avnqQem.pgp
Description: PGP signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf