North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The Internet's Immune System
As far as reporting is concerned, we do have a number of ways you can query our DShield data. First of all, by prefix (right now only /8, /16, /24). But we do send out daily custom reports per request. Just send me an e-mail. There is also a test version of a report by ASN: http://www.dshield.org/asreport.php its experimental and feedback is welcome. It is setup to be machine parsable. On Wed, 2003-11-12 at 18:56, Jamie Reid wrote: > It would be useful if these sites allowed you to query them with CIDR ranges to > see if your site had originated any traffic that triggered their sensor arrays. The > IDS community never seems to have wrapped its collective head around routing > information. Looking up single IP addrs is just cosmetic. A real service would > allow for concerned sites to check their entire address allocations. > > The solution we have takes a massive amount of data munging of a routing > table and is still experimental, but until attacks can be mapped to meaningful Internet > topographical information, the real value of these distributed IDS efforts cannot be fully > exploited. > > I can forsee the argument that people shouldn't be able to look up other sites > which might be compromised, but if they are really so concerned, they should > get their sites patched. > > > > > -- > Jamie.Reid, CISSP, [email protected] > Senior Security Specialist, Information Protection Centre > Corporate Security, MBS > 416 327 2324 > >>> "Bryan Bradsby" <[email protected]> 11/12/03 04:25pm >>> > > > Devise a system that assumes owners of IP space WANT to know about problems. > > report --open-proxy 192.168.1.1 <logfiles > > and have a report sent to whoever needed to know about it. > > http://www.Incidents.org > http://www.Dshield.org/howto.php > http://www.MyNetWatchman.com > > -bryan bradsby -- -------------------------------------------------------------- Johannes Ullrich [email protected] pgp key: http://johannes.homepc.org/PGPKEYS -------------------------------------------------------------- "We regret to inform you that we do not enable any of the security functions within the routers that we install." [email protected] --------------------------------------------------------------
|