[Dshield] Tracking and Reporting Probes
dshield at webfocus.com
Thu Mar 28 21:43:30 GMT 2002
At 01:02 PM 3/28/2002 -0800, you wrote:
> > This makes me wonder. I've seen people asking about log analyzers for
> > LaBrea... is there a LaBrea logs -> DShield format program out there?
> > Should there be?
>In my case it'd be redundant. The tarpitted packets are already being
>blocked by the firewall, which gets reported to dshield. In fact,
>tarpitting is *magnifying* the apparent size of the attack since I'm now
>reporting all of the subsequent 1-byte packets.
How is this, is your firewall Blocking or is Labrea tarpitting? How can
you have both? maybe I can learn a few tricks here.
More information about the list