[Dshield] Crossing the Line (was: SQLSnake)

John Hardin johnh at aproposretail.com
Wed Jul 10 21:54:15 GMT 2002


On Wed, 2002-07-10 at 13:05, Johannes Ullrich wrote:
> 
> LaBrea is a great
> tool to do this (with DShield reporting of course).

Will DShield parse the syslog entries that LaBrea generates? e.g.:

Jul 10 14:52:52 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 218.58.166.253 30925 -> 207.14.61.134 80 *
Jul 10 14:52:52 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 151.202.50.241 3307 -> 207.14.61.153 1433
Jul 10 14:52:52 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 212.204.69.194 2771 -> 207.14.61.95 80 *
Jul 10 14:52:53 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 207.61.242.54 2977 -> 207.14.61.175 80
Jul 10 14:52:53 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 151.202.50.241 3014 -> 207.14.61.53 1433 *
Jul 10 14:52:53 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 207.61.242.54 4292 -> 207.14.61.45 80

> But there have been some convictions now for aggressive port scanning.

Any URLs?

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                             -- www.darwinawards.com
-----------------------------------------------------------------------
 7 days until Apropos Forum 2002
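
Added example, not part of the message above and not DShield's or LaBrea's own code: a parser for the "Persist Activity" syslog entries quoted in the post, tolerant of the line wrapping mail clients introduce. The function names are hypothetical, the year is supplied by the caller because syslog omits it, and the trailing "*" is kept as an uninterpreted flag since the post does not say what it means.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three entries from the post, two still wrapped by the mailer.
SAMPLE = """\
Jul 10 14:52:52 rhadamanthus /usr/local/bin/LaBrea: Persist Activity:
218.58.166.253 30925 -> 207.14.61.134 80 *
Jul 10 14:52:52 rhadamanthus /usr/local/bin/LaBrea: Persist Activity: 151.202.50.241 3307 -> 207.14.61.153 1433
Jul 10 14:52:53 rhadamanthus /usr/local/bin/LaBrea: Persist Activity:
151.202.50.241 3014 -> 207.14.61.53 1433 *
"""

# \s+ between tokens lets an entry match whether or not mail wrapping split it.
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"\S*LaBrea:\s+Persist\s+Activity:\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d{1,5})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d{1,5})(?P<star>[ \t]+\*)?"
)


def parse_labrea(text, year):
    """Return one dict per Persist Activity entry; syslog omits the year, so pass it."""
    records = []
    for m in ENTRY.finditer(text):
        try:
            src, dst = ipaddress.IPv4Address(m["src"]), ipaddress.IPv4Address(m["dst"])
        except ValueError:
            continue  # octet out of range: not a real address, skip the entry
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport > 65535 or dport > 65535:
            continue  # not a valid TCP port
        records.append({
            "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"], "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport,
            "marked": m["star"] is not None,  # trailing "*", meaning not interpreted
        })
    return records


def targets_per_source(records):
    """Map (source IP, destination port) to the count of distinct tarpit IPs hit."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["src"], r["dport"])].add(r["dst"])
    return {key: len(dsts) for key, dsts in seen.items()}
```
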



