[Dshield] Question...

Andre' Maillet andre at emediat.com
Sun Aug 5 23:18:33 GMT 2001

Forgive me if I'm missing something painfully obvious here, but may I ask why 
we are all of a sudden sending hundreds of log lines to the mailing list (in 
duplicate no less: once in plaintext, once in html?)  

Shouldn't folks be sending these logs to the dshield database instead, where 
they might actually do some good, instead of burying this list in logs?  

(And for heaven's sake, when replying, please don't quote the entire log! Can 
we trim our posts please?)  

It seems to me that if the destination port is TCP:80 these days, it's pretty 
safe to say we're talking about Code Red scans without having to reconfirm it 
five or six times a day, or am I mistaken here?  

Now, mind you, there can be value in posting brief log excerpts when trying to 
identify something new...  

Or perhaps we could start a new list specifically for exchanging log reports, 
keeping this one for discussions, announcements, and trend summaries?  

Andre' Maillet
andre at emediat.com

| Andre' Maillet         |  Life would be much simpler if we could  |
| andre at emediat.com      |       just look at the source code       |
| (506) 789-1090         |                                          |

