Share Intrusion Information On Dshield Org
Posted on 08 Dec 2000
by Wolfgang Bromberger (wolf)
There are, as we know, different ways to protect a system.
But most of the time the problem is: what should one do with all the data that firewalls accumulate?
Unless you are the "dark revenger" type, you usually try to contact the other admins, if you have time to report at all, since police or other investigation is not always an option or wanted. Most of the time there is not much response.
Johannes Ullrich was also reporting, until, out of frustration at the lack of response or reaction, he founded DShield.org, the Distributed Intrusion Detection System.
"DShield.org is an attempt to collect data about hacker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules. Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort. More complex patterns, like they are used by application level firewalls may be handled in the future."
DShield accepts firewall logs in three formats: kernel packet logs as generated by Linux 2.2.x and ipchains (KERNEL), ZoneAlarm logs (ZONEALARM), and DShield Format (DSHIELD).
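As an added illustration (not code from DShield.org or from the original article), the following sketch parses packet log lines in the Linux 2.2.x ipchains layout and tallies blocked packets by source and by targeted service, the kind of summary the quote above describes. The sample lines, addresses, host name and function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the ipchains kernel log layout, plus one unrelated
# syslog line; addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
Dec  8 14:02:11 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:4312 192.0.2.10:23 L=44 S=0x00 I=54321 F=0x0000 T=52 SYN (#7)
Dec  8 14:02:12 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:4313 192.0.2.11:23 L=44 S=0x00 I=54322 F=0x0000 T=52 SYN (#7)
Dec  8 14:05:40 gw kernel: Packet log: input REJECT eth0 PROTO=17 198.51.100.9:1026 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#9)
Dec  8 14:06:02 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.20:3301 192.0.2.10:80 L=60 S=0x00 I=77 F=0x4000 T=60 SYN (#2)
Dec  8 14:07:15 gw sshd[412]: Connection closed by 198.51.100.20
Dec  8 14:09:30 gw kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.77:8 192.0.2.10:0 L=84 S=0x00 I=12 F=0x0000 T=47 (#8)
"""

# Fields after "Packet log:": chain, action, interface, protocol number,
# source addr:port, destination addr:port.
PACKET_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return a dict for an ipchains packet log line, or None for any other line."""
    m = PACKET_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("proto", "sport", "dport"):
        rec[k] = int(rec[k])
    rec["syn"] = bool(re.search(r"\bSYN\b", line[m.end():]))
    return rec

def summarize(log_text):
    """Count blocked (DENY/REJECT) packets per source address and per service."""
    by_source, by_service = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] not in ("DENY", "REJECT"):
            continue
        # For ICMP, ipchains logs the type and code where the ports would be.
        if rec["proto"] == 1:
            service = f"icmp/type{rec['sport']}"
        else:
            service = f"{PROTO_NAMES.get(rec['proto'], rec['proto'])}/{rec['dport']}"
        by_source[rec["src"]] += 1
        by_service[service] += 1
    return by_source, by_service
```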
The public service / experiment is rather new, but maybe it can help in the future; time will tell.