[Dshield] Tracking and Reporting Probes

James dshield at webfocus.com
Thu Mar 28 21:43:30 GMT 2002


At 01:02 PM 3/28/2002 -0800, you wrote:
><snip snip>



> > This makes me wonder. I've seen people asking about log analyzers for
> > LaBrea... is there a LaBrea logs -> DShield format program out there?
> > Should there be?
>
>In my case it'd be redundant. The tarpitted packets are already being
>blocked by the firewall, which gets reported to dshield. In fact,
>tarpitting is *magnifying* the apparent size of the attack since I'm now
>reporting all of the subsequent 1-byte packets.

How is this,  is your firewall Blocking or is Labrea tarpitting?   How can 
you have both?   maybe I can learn a few tricks here.

James




More information about the list mailing list