[Dshield] Database Integrity?

k.lichtenwalder@computer.org k.lichtenwalder at computer.org
Sun Mar 11 09:31:26 GMT 2001


Hi,
I'd say Johannes is right to say dshield should not do any filtering. It
is ludicrous (IMHO) that a federal agency starts doing anything based on
a report without themselves checking on what grounds to start an
investigation or even having a look on it.

Klaus

Dan Crooks wrote:
> Luckily I keep all my submission reports to DShield.  I reviewed the dates
> in question and discovered that on those dates I had run port scans on my
> machine
> using nmap to look for weaknesses in my own system.  The log I submitted to
> DShield shows the same IP as attacker and attackee!!
> 
> If government agencies are going to use DShield reports to track attackers
> there has got to be some way to prevent this kind of mistake.  Had this
> agency
> decided to seize my equipment based on the information they received from
> DShield it would have smeared the whole DShield project.  Error checking
> must
> be accomplished on reports submitted to DShield BEFORE being written to the
> database, otherwise the database is useless.

> If DShield receives reports that contain the same IP for both inbound and
> outbound it should NOT add them to the database?


------------------------------------------------------------------------ 
 Klaus Lichtenwalder, Dipl. Inform.,       http://www.webforum.de/Klaus/
 Fax +49-(0)89-91072699                            Lichtenwalder at ACM.org
 NIC: KL2100, KL76-RIPE                     K.Lichtenwalder at Computer.org
 PGP Key fingerprint = 2658 EA97 E1A1 2680 5ECA  0036 80F5 F250 3CF8
C2C7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2036 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/list/attachments/20010311/f53b33cc/smime.bin


More information about the list mailing list