Network Protocol Characteristic and Flaw Documentation
I should probably register and contribute here. I’m on a first name basis with quite a few protocols, but invariably I encounter something with which I’m not familiar, and the search is usually futile. The downside in this case is the assumption that you already know the protocol and are looking for additional information about it, rather than my typical use case where I see a port in use and capture some data about it, and am instead looking to see what protocol it is.
A corollary to this link might be http://www.emergingthreats.net, as it provides a purpose and in some cases perhaps descriptors of the traffic.
The more I think about it, search around, and reflect on past experience, the more of these types of sites come to mind. The documentation and descriptions we use for protocols and their inherent characteristics and flaws just don’t seem to have standardized in the same way that others have (i.e., CERT, MITRE).