[Dshield] Re: Dshield digest, Vol 1 #325 - 4 msgs
Johannes B. Ullrich
jullrich at euclidian.com
Thu Nov 8 20:16:56 GMT 2001
-----BEGIN PGP SIGNED MESSAGE-----
> I have noticed some port scans from IPs not previously seen.
> Is there an IP Table where I can quickly identify the origin of an IP
> while off-line?
Depends on how large of a database you would like to keep offline
for that purpose. For dshield, I keep basic whois data cached in a
table. It currently has about 190k rows and takes up about 11 MByte.
(Each row is a range of IPs, not a single IP.)
It covers more than 75% of IP space.
The problem is that in some countries, IP address space is assigned in
very small ranges. Therefore, the number of records gets quite large.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
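
An added example, not part of the original message and not DShield's own code, of the kind of offline table the reply describes: each row is an IP range, kept sorted so a binary search maps an address to its cached whois record. The sample rows (documentation address space), field layout and function names are constructed assumptions.

```python
import bisect
import ipaddress

# Constructed sample rows: (first IP, last IP, country code, netname).
# Documentation ranges and user-assigned country codes only, not real whois data.
ROWS = [
    ("198.51.100.0", "198.51.100.255", "CC", "EXAMPLE-NET-C"),
    ("192.0.2.0", "192.0.2.127", "AA", "EXAMPLE-NET-A"),
    ("192.0.2.128", "192.0.2.135", "BB", "EXAMPLE-SMALL-B"),  # a very small assignment
]

def to_int(ip):
    """Convert a dotted-quad IPv4 string to an integer for range comparison."""
    return int(ipaddress.IPv4Address(ip))

def build_table(rows):
    """Sort rows by range start and reject inverted or overlapping ranges."""
    table = sorted((to_int(s), to_int(e), cc, name) for s, e, cc, name in rows)
    prev_end = -1
    for start, end, _, _ in table:
        if start > end or start <= prev_end:
            raise ValueError("inverted or overlapping range in table")
        prev_end = end
    starts = [row[0] for row in table]
    return starts, table

def lookup(index, ip):
    """Return (country, netname) for ip, or None if no cached range covers it."""
    starts, table = index
    addr = to_int(ip)
    # Rightmost row whose start is <= addr; it matches only if addr <= its end.
    i = bisect.bisect_right(starts, addr) - 1
    if i >= 0 and addr <= table[i][1]:
        return table[i][2], table[i][3]
    return None

def coverage(index):
    """Fraction of the IPv4 address space covered by the cached ranges."""
    _, table = index
    return sum(end - start + 1 for start, end, _, _ in table) / 2**32

INDEX = build_table(ROWS)

if __name__ == "__main__":
    for src in ("192.0.2.130", "192.0.2.200", "198.51.100.7"):
        print(src, lookup(INDEX, src) or "not in offline table")
    print("coverage: %.8f%%" % (coverage(INDEX) * 100))
```

A `None` result means the address falls in a gap of the cached data, so the source still needs an online whois query.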