We all know the problem, at every scale from home networks to big sites and from script kiddies to brilliant hackers or crackers: people trying to enter your systems without being allowed to, to put it mildly.

There are different ways to protect yourself, as we know.

But most of the time the problem is: what should one do with all the data that firewalls collect?

If you are not the "dark revenger" type, most of the time you try to contact other admins, if you have the time to report, since police or other investigation is not always an option or even wanted. Usually there is not much response.

Johannes Ullrich was also reporting until, out of frustration at getting no response or reaction, he founded DShield.org, the Distributed Intrusion Detection System.

From DShield.org:


"DShield.org is an attempt to collect data about hacker activity from all over the internet.

This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.

Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.

More complex patterns, like they are used by application level firewalls may be handled in the future."

DShield accepts firewall logs in the following formats: kernel packet logs as generated by Linux 2.2.x and ipchains (KERNEL), ZoneAlarm logs (ZONEALARM) and the DShield format (DSHIELD).
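To show what a KERNEL-format log yields once parsed, here is an added example (not DShield's own code) that reads ipchains "Packet log:" lines and counts blocked packets per source address and per target port, the kind of summary useful for tightening firewall rules. The function names `parse_line` and `summarize` are hypothetical, and the sample log lines are constructed with documentation address ranges.

```python
import re
from collections import Counter

# Layout of an ipchains (Linux 2.2.x) log line after the syslog prefix:
# Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<port> <dst>:<port> L= S= I= F= T=
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jan 12 10:15:01 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:23 L=60 S=0x00 I=4711 F=0x4000 T=52 SYN (#5)
Jan 12 10:15:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.10:111 L=60 S=0x00 I=4712 F=0x4000 T=52 SYN (#5)
Jan 12 10:15:09 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.23:1030 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=113 (#6)
Jan 12 10:16:30 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.50:1999 192.0.2.10:80 L=60 S=0x00 I=77 F=0x4000 T=60 SYN (#2)
Jan 12 10:16:41 gw sshd[311]: log: Connection from 198.51.100.50 port 2001
Jan 12 10:17:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.11:23 L=60 S=0x00 I=4713 F=0x4000 T=52 SYN (#5)
"""

def parse_line(line):
    """Return a dict for one ipchains log line, or None if it is something else."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(log_text, verdicts=("DENY", "REJECT")):
    """Count blocked packets per source address and per (protocol, target port)."""
    by_source, by_port, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # unrelated syslog line: counted, never guessed at
        elif rec["verdict"] in verdicts:
            by_source[rec["src"]] += 1
            by_port[(rec["proto"], rec["dport"])] += 1
    return by_source, by_port, skipped

if __name__ == "__main__":
    sources, ports, skipped = summarize(SAMPLE_LOG)
    print("top sources:", sources.most_common(3))
    print("top (proto, port):", ports.most_common(3))
    print("unparsed lines:", skipped)
```
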

The public service / experiment is rather new, but maybe it can help in the future; time will tell.