[Dshield] using the feeds for your firewall

Mark Rowlands mark.rowlands at minmail.net
Sat Jul 28 06:13:45 GMT 2001


On time periods, http://project.honeynet.org/papers/stats/  has some 
interesting info, seems to indicate that between typically  2-10 days passes 
between scan and compromise attempt so five days may be too little.

As to what to cover, I think something like the 10 top attackers + the 10  
most active attackers over the top 10 ports?. 

Mark




More information about the list mailing list