[Dshield] Database Integrity?
hank at panamahank.com
Sun Mar 11 16:11:07 GMT 2001
I think the lesson learned here is 'if you scan your own system, edit
your logs before you send them'. Anyone who expects others, whether
Dshield or the Federal Government to clean up for them is going to be
disappointed. Next time, remove entries where you scanned yourself
before submitting the logs.
Dan Crooks wrote:
> Luckily I keep all my submission reports to DShield. I reviewed the
> in question and discovered that on those dates I had run port scans
> using nmap to look for weaknesses in my own system. The log I
> DShield shows the same IP as attacker and attackee!!
> If government agencies are going to use DShield reports to track
> there has got to be some way to prevent this kind of mistake. Had
> decided to seize my equipment based on the information they
> DShield it would have smeared the whole DShield project. Error
> be accomplished on reports submitted to DShield BEFORE being
written to the
> database, otherwise the database is useless.
> If DShield receives reports that contain the same IP for both
> outbound it should NOT add them to the database?
-- Hank, hank at panamahank.com on 03/11/2001
More information about the list