[Dshield] Other requested features....

Witt, Allen DAVID.A.WITT at saic.com
Wed Aug 7 16:54:05 GMT 2002


The top 10 offender list is great, but....... wouldn't it be nice to have
the capability to request the top X offenders through a dialog screen
similar to the IP lookup screen? The idea is to let the user select the
number of IP addresses, with an upper limit imposed (say 100?) to prevent
blatant abuse. Users could then use the list as a source to fortify their
sites from the most noisy of the offenders.

Another thing that would be nice would be an easy way to produce a list of
offenders in a given set of addresses. I often see  scans and other
suspicious traffic from addresses within the same class A, B, or C address,
that are likely related.  Would be nice to get a list of IP addresses with
detected activity from a rollup site so that preventive blocking can be done
on those addresses that haven't been detected yet. I would expect the
address range to be limited to prevent abuse (say 255 address blocks). The
existing lookup tools can provide the information, but are very cumbersome
to use.

Allen Witt, Network Security Administrator
SAIC
865-425-5199




More information about the list mailing list