[Dshield] Tracking and Reporting Probes

Johannes B. Ullrich jullrich at sans.org
Thu Mar 28 20:50:21 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> This makes me wonder. I've seen people asking about log analyzers for
> LaBrea... is there a LaBrea logs -> DShield format program out there?
> Should there be?

I haven't gotten around to playing with LaBrea yet. So I don't know how 
feasible an analyzer would be. However, I think such a thing would 
probably be very useful. The best reports are reports from unused address 
space, as there are few false positives.


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8o4IPwWQP+4im9DYRAoOPAJ9B9Fu/aGOXupTcylEIEr3N/Xj+XQCgrcZ5
kRXlfe/9wIG6E2X692el8pI=
=NH6E
-----END PGP SIGNATURE-----



