[Dshield] Port 1214

Johannes Ullrich jullrich at sans.org
Mon Aug 5 13:01:54 GMT 2002

> Bullseye - Yes I am using DHCP and I had turned everything off when I went on
> vacation - so that when I came back I got a new IP.  Well, as long as DShield
> doesn't get mad at me for submitting about 150 lines of that a day, I guess
> it's OK. The previous person with my IP must have been very popular.

No. I am not mad at that. While we are on the topic: I am still
looking for someone that is willing to collect some data pertaining
to P2P applications. Some of the data that would be nice to have:
- 'normal traffic' if you use the application (you sign on, someone
searches for a file on your shared drive, you send / receive the file).
- 'retention time'. How long does it take for the p2p request to die
off after you sign off?
- 'anomalies': how do different IDSs behave? Do, for example, Snort's
virus rules catch viruses sent?

Anyway, if someone has too much time and a recent version of
tcpdump on their hands, this may be a fun project.
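
Added example, not part of the original post: one way to measure the 'retention time' asked about above from `tcpdump -tt -n` text output, by summarising inbound SYNs to port 1214 that arrive after sign-off. The function name, the documentation-range addresses, the sign-off timestamp and the capture lines are all constructed for illustration.

```python
import re
from collections import Counter

P2P_PORT = 1214
# Matches current ("IP ... Flags [S]") and older ("... : S 5:5(0)") tcpdump text output.
LINE = re.compile(r"^(\d+\.\d+) (?:IP )?(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (?:Flags \[([^\]]+)\]|(\S+))")

# Constructed capture lines (tcpdump -tt -n style), not real traffic.
# 192.0.2.10 stands in for the host that ran the P2P client.
SAMPLE = """\
1028500000.000000 IP 198.51.100.7.40112 > 192.0.2.10.1214: Flags [S], seq 1, win 8192, length 0
1028503000.000000 IP 192.0.2.10.1214 > 198.51.100.7.40112: Flags [S.], seq 9, ack 2, win 8192, length 0
1028505000.000000 IP 198.51.100.7.40113 > 192.0.2.10.1214: Flags [S], seq 2, win 8192, length 0
1028509000.000000 203.0.113.4.3301 > 192.0.2.10.1214: S 5:5(0) win 16384
1028512000.000000 IP 203.0.113.9.2200 > 192.0.2.10.80: Flags [S], seq 7, win 8192, length 0
1028590000.000000 IP 203.0.113.4.3302 > 192.0.2.10.1214: Flags [S], seq 8, win 8192, length 0
"""

def retention(lines, local_ip, signoff, port=P2P_PORT):
    """Summarise inbound SYNs to `port` seen at or after `signoff` (epoch seconds)."""
    hourly, sources, last = Counter(), set(), None
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line in a format we recognise
        ts, src, _sport, dst, dport, new_flags, old_flags = m.groups()
        ts = float(ts)
        # Keep only pure SYNs aimed at our P2P port; replies and other ports are ignored.
        if dst != local_ip or int(dport) != port or (new_flags or old_flags) != "S":
            continue
        if ts < signoff:
            continue  # traffic while the client was still signed on
        hourly[int((ts - signoff) // 3600)] += 1
        sources.add(src)
        last = ts if last is None else max(last, ts)
    return {
        "retention_seconds": None if last is None else last - signoff,
        "distinct_sources": len(sources),
        "syns_per_hour": dict(sorted(hourly.items())),
    }

if __name__ == "__main__":
    print(retention(SAMPLE.splitlines(), "192.0.2.10", signoff=1028502000.0))
```

The per-hour counts show how quickly requests die off, not only when the last one arrived; a capture that ends while SYNs are still arriving gives only a lower bound on retention time.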

