[bind10-dev] Anonymization of b10-showtech output

[Shane Kerr]

Michal,

On Wednesday, 2012-07-04 10:50:47 +0200,
Michal 'vorner' Vaner <michal.vaner at nic.cz> wrote:
> I'd like to discuss the possibilities we have here. I think we want
> to have these options, depending on the admins' need:
> • List everything as it is.
> • List everything, but anonymize it somehow (I'm not sure how,
> though). • Have options to omit parts of the output. Some info is
> still better then the admin not sending anything at all.
> 
> What do you think of it? And do you have an idea how to anonymize the
> things?

The trick here is that the whole point is to provide information about
the system in question. :)

Looking at the list of stuff here:

http://bind10.isc.org/wiki/ShowTech

I guess the information that is most likely to be problematic is
network- and process-related.

For network information, we can anonymize the IP addresses, probably by
doing a very simple replace (first is 1.1.1.1, second is 2.2.2.2, and
so on). I don't know if we need to worry about interface names. It
might make debugging more difficult (but so may replacing IP
addresses). For routing information, we can do the same, except of
course with netmasks (3.3.2.0/23, 4.4.0.0/17, and so on).

For process information, probably it would make sense simply to omit
it completely.

The other thing that might be commonly considered sensitive is the
system name, which we can also simply omit.

--
Shane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20120704/10aa9b34/attachment.bin>