[Dshield] Request for Fightback feature

Blake McNeill mcneillb at linklogger.com
Wed Aug 7 04:04:58 GMT 2002


Yes it is there if you drill into the IP address details, but I was thinking
about something on the Fightback summary list, just so I can quickly sum up
who has and who hasn't been sent a Fightback notification (there isn't
anything their currently).  In some cases I have seen continued port 80
scans from a locally infected (meaning my netblock with my ISP) and finally
sent my own notification which got it cleaned up, but I never thought to
notice on the IP details if a notification was sent or not (to be honest I
never noticed it before).  It would have been nice to have seen this in the
summary list if a notification was sent (ISP notification is the number one
reason why I send my logs to DShield, so its important to me to see this
information quickly, other people's mileage and reasons may vary of course).

Thanks
Blake

----- Original Message -----
From: "Johannes Ullrich" <jullrich at sans.org>
To: <list at dshield.org>
Sent: Tuesday, August 06, 2002 7:55 PM
Subject: Re: [Dshield] Request for Fightback feature


>
> I have to double check if this is implemented. But the little police car
> next to the IP should be shown if a fightback is sent.
>
> If not, you can also send individual fightbacks now (log in, go to your
> reports, check the details for an IP and you will see the link)
>
>
>
> On Tue, 06 Aug 2002 16:21:28 -0600
> Blake McNeill <mcneillb at linklogger.com> wrote:
>
> > One feature I'd really like to see is when I look at the list of my
recent
> > submissions is to see which IP's have had a fightback submission sent to
> > them and possibly when.  I don't care if it was sent on my behalf or
someone
> > else's.  I just want to know if the ISP (or whoever) has already been
> > notified via DShield.
> >
> > Blake
> > http://www.LinkLogger.com
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
> >
>
>
> --
> ---------------------------------------------------------------
> jullrich at sans.org             Collaborative Intrusion Detection
>                                     join http://www.dshield.org
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list