On 07/07/15 16:19, Joshua Lee Tucker wrote:
> On 7/7/15, teor teor2345@gmail.com wrote:
>> Organisation X experiences an attack on their website via an IP address, and they want to identify the origin of the attack. ExoneraTor tells them that the IP was used by a Tor Exit that permitted port 80. (This is a very likely scenario.)
>>
>> Organisation X experiences an SSH login/password scan via an IP address, and they want to identify the origin of the attack. ExoneraTor tells them that the IP was used by a Tor Exit that permitted port 22. (This is perhaps a less likely scenario, but still well worth knowing about.)
>>
>> We could split the Exit column in two (web ports, other ports), but I'd prefer to provide the list of ports in a detail page, and let the analyst do their own triage. But if we only have one page, perhaps the split is worthwhile.
>
> I personally don't like displaying the ports in the overview page - I would also much rather have this information displayed in a detail page. (Maybe make the "Exit: Yes" clickable?)
>
> I think this not just improves readability, but also keeps the main page as simple as possible.

Well, I'd like to keep the main page as simple as possible, and I'd also prefer not to add a details page at all. The only output that users should see is a single page that they can print out and file to close a case (in favor of having more time for the 9 other open cases where ExoneraTor returned a negative result). Adding more details, even on a separate page, would only confuse users and not help much.
Regarding documentation, it's already there on the same page, so that it will be printed out on the same page as lookup results. If we can phrase things better, please let's do that. But let's not add another page with explanations.
Does that make sense?
All the best,
Karsten