[Dshield] Tracking and Reporting Probes
Johannes B. Ullrich
jullrich at sans.org
Thu Mar 28 20:50:21 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
> This makes me wonder. I've seen people asking about log analyzers for
> LaBrea... is there a LaBrea logs -> DShield format program out there?
> Should there be?
I havent gotten around yet to play with LaBrea. So I don't know how
feasible an analyzer would be. However, I think such a thing would
probably be very usefull. The best reports are reports from unused address
space, as there are little false positives.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the list