[Dshield] Using fightback selectively

Chew, Freeland (Roanoke) FChew at ecpi.edu
Tue May 29 17:44:18 GMT 2001


Hello All

I use fightback selectively by editing the script that parses the firewall
logs to not alarm on the ip address where I expect activity.

By using the script to filter the information that goes into the file that
is used as a basis for the automatic email that goes to Dshield I avoid
false alarms.  For example, I often scan my network from home so I filter
out alarms based on my home ip address.

Freeland Chew


Message: 1
From: Michael Boman <michael.boman at securecirt.com>
To: dshield at dshield.org
Date: Tue, 29 May 2001 20:28:18 +0800
Organization: SecureCiRT
Subject: [Dshield] Fightback program
Reply-To: dshield at dshield.org

Hello everyone,

I am just wondering if it is possible to use the fightback program 
selectively? The thing is that I expect "hack attempts" from certain people 
(I've paid for it even!) and I don't want to cause them any problem.

I also wonder if I can at a later stage (after the sign up procedure) change my 
fightback option.

If anyone could answer these questions I'll probably sign up for an account,
adding a quite large number of NIDS/Firewall locations (have NIDS 
sensors/firewalls all over the world).

Best regards
 Michael Boman

--
 I need to sort out my .signature someday....


--__--__--

Message: 2
From: "Johannes B. Ullrich" <jullrich at euclidian.com>
To: <dshield at dshield.org>
Date: Tue, 29 May 2001 09:51:01 -0400
Subject: [Dshield] Fightback program
Reply-To: dshield at dshield.org



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   You are not able to mark/unmark distinct records for 
'fightback'. However, you can switch your fightback option on
and off at any time. 

   As a solution, I maintain a list of known portscan services
(e.g. Shields Up, cablemodemhelp.com, hackerwhacker) that will
not be included as attackers in DShield. Whenever data is
imported, records implicating these IPs will be automatically
deleted. If you send me a list of IPs you wish to have included,
send it to me with some explanation and if possible some way of
verifying that these IPs are used by a security service. (e.g.
a web page that lists these IPs).


- ---
Johannes Ullrich            Join http://www.dshield.org
jullrich at euclidian.com
GPG Key ID: AE692033  Key: http://johannes.homepc.org/pgp.htm
- ---


- -----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of Michael Boman
Sent: Tuesday, May 29, 2001 8:28 AM
To: dshield at dshield.org
Subject: [Dshield] Fightback program


Hello everyone,

I am just wondering if it is possible to use the fightback program 
selectively? The thing is that I expect "hack attempts" from certain people 
(I've paid for it even!) and I don't want to cause them any problem.

I also wonder if I can at a later stage (after the sign up procedure) change my 
fightback option.

If anyone could answer these questions I'll probably sign up for an account, 
adding a quite large number of NIDS/Firewall locations (have NIDS 
sensors/firewalls all over the world).

Best regards
 Michael Boman

- --
 I need to sort out my .signature someday....


- ---

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8

iQA/AwUBOxOnQ1TiIsyuaSAzEQI0bQCg/iskHRZA/4edVGbGjiNhahVuVeAAoNlV
U3dLDDAoqJwl8bcagWNsA8wH
=vAO2
-----END PGP SIGNATURE-----



--__--__--

_______________________________________________
Dshield mailing list
Dshield at dshield.org
http://www1.dshield.org/mailman/listinfo/dshield


End of Dshield Digest
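
The filtering discussed in this thread (dropping expected scanner addresses from the log before it is submitted, and excluding known scan services at import) can be sketched as follows. This is an added example, not code from either poster or from DShield; the iptables-style log format, the addresses and the function names are assumptions.

```python
import ipaddress
import re

# Constructed allowlist: a home address and an authorised scanner range
# (RFC 5737 documentation addresses, not real hosts).
ALLOWLIST = ["192.0.2.10", "198.51.100.0/28"]

# Constructed iptables-style lines; the log format is an assumption.
SAMPLE_LOG = """\
May 29 17:01:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=22
May 29 17:01:05 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=80
May 29 17:02:11 fw kernel: IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP SPT=1234 DPT=111
May 29 17:03:40 fw kernel: IN=eth0 SRC=999.1.1.1 DST=203.0.113.5 PROTO=TCP SPT=1 DPT=23
May 29 17:04:00 fw kernel: device eth0 entered promiscuous mode
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def load_allowlist(entries):
    """Parse single addresses and CIDR blocks into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def filter_log(text, allowlist):
    """Split log lines into (report, suppressed, unparsed).

    report: lines passed on for submission.
    suppressed: lines from allowlisted sources, kept for local review.
    unparsed: lines with no valid source address, held back from submission.
    """
    nets = load_allowlist(allowlist)
    report, suppressed, unparsed = [], [], []
    for line in text.splitlines():
        m = SRC_RE.search(line)
        try:
            src = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            src = None  # malformed address, e.g. 999.1.1.1
        if src is None:
            unparsed.append(line)
        elif any(src in net for net in nets):
            suppressed.append(line)
        else:
            report.append(line)
    return report, suppressed, unparsed
```

Keeping the suppressed lines in their own list, rather than discarding them, leaves a local record of what the allowlisted addresses actually did.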

