[Dshield] Re: Dshield digest, Vol 1 #625 - 9 msgs

aperez.m@eresmas.net aperez.m at eresmas.net
Fri May 24 17:29:39 GMT 2002


Melvin:

  I don't know why your Visual Zone can't send mail to DShield mail box.

  I have not problem with this. Just see my last report five minutes ago.

  Go TOOLS>OPTIONS>DSHIELD:

  Have you configured with your correct DShield User ID ?. Your correct
e-mail address ?. Your ISP correct SMTP outgoing address ?. The correct
Dshiel e-mail ?. Go 

  Regards.

          Antonio Pérez.

***************************************************************************************************************

Asunto: 
        FORMAT DSHIELD USERID 86321872 TZ +2:00 VisualZone Report Utility 5.6
  Fecha: 
        Fri, 24 May 2002 19:17:29 +0200
    De: 
        aperez.m at eresmas.net
      A: 
        reports at dshield.org




2002/05/23 22:04:44 +2:00       86321872        1       203.200.89.73   21      62.174.91.21    21      TCP     S
2002/05/23 22:17:12 +2:00       86321872        1       202.3.161.38    4790    62.174.91.21    1433    TCP     S
2002/05/23 23:46:28 +2:00       86321872        1       61.134.4.181    1689    62.174.91.21    1433    TCP     S
2002/05/24 07:25:24 +2:00       86321872        1       137.208.7.48    21      62.174.91.212   1132    TCP     AP
2002/05/24 07:25:28 +2:00       86321872        1       137.208.3.20    8       62.174.91.212   0       ICMP
2002/05/24 07:25:46 +2:00       86321872        1       216.168.253.32  80      62.174.91.212   1140    TCP     AF
2002/05/24 07:25:54 +2:00       86321872        1       137.208.7.48    21      62.174.91.212   1132    TCP     S
2002/05/24 07:26:58 +2:00       86321872        1       216.168.253.32  80      62.174.91.212   1140    TCP     S
2002/05/24 07:32:08 +2:00       86321872        1       137.208.7.48    8       62.174.91.212   0       ICMP
2002/05/24 07:57:54 +2:00       86321872        1       216.49.81.179   4290    62.174.91.212   4167    TCP     S
2002/05/24 07:58:16 +2:00       86321872        1       216.49.81.179   4291    62.174.91.212   1096    TCP     S
2002/05/24 18:10:44 +2:00       86321872        1       62.81.0.33      53      62.174.91.218   1152    UDP
2002/05/24 18:16:28 +2:00       86321872        4       137.208.3.20    8       62.174.91.218   0       ICMP
2002/05/24 19:14:10 +2:00       86321872        1       64.216.88.245   3982    62.174.90.225   1433    TCP     S

***********************************************************************

melvin smith ha escrito:
> 
> Thanks to all the nice folks who posted advice
> about using visual zone to submit firewall logs.
> Your advice was very helpful. But visual zone
> cant find dshields' mailbox. After hours of
> configuring and reconfiguring its still no go.
> One of the problems was that sometimes the
> instructions were written in black fonts on
> a dark blue background. (impossible to read).
> Thanks all.            Mel.
> 
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: Dshield digest, Vol 1 #625 - 9 msgs
> Fecha: Thu, 23 May 2002 20:09:36 -0400
> De: list-request at dshield.org
> Responder a: list at dshield.org
> A: list at dshield.org
> 
> Send Dshield mailing list submissions to
>         list at dshield.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://www.dshield.org/mailman/listinfo/list
> or, via email, send a message with subject or body 'help' to
>         list-request at dshield.org
> 
> You can reach the person managing the list at
>         list-admin at dshield.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dshield digest..."
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Today's Topics:
> 
>    1. submit firewall logs (melvin smith)
>    2. Re: submit firewall logs (Shawn Cox)
>    3. RE: submit firewall logs (Wayne Larmon)
>    4. RE: submit firewall logs (Kevin Whelan)
>    5. blacklist parsing help (bradw)
>    6. RE: submit firewall logs (Nick Calvert)
>    7. RE: submit firewall logs (Nickie Westbrook)
>    8. RE: submit firewall logs (E.B. Dreger)
>    9. Re: blacklist parsing help (Micheal Patterson)
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: [Dshield] submit firewall logs
> Fecha: Wed, 22 May 2002 23:14:28 -0700 (PDT)
> De: melvin smith <Foxtail at emailaccount.com>
> Responder a: list at dshield.org
> A: / <list at dshield.org>
> 
> I've been trying for a long time to figure out
> how to submit firewall logs to dshield.
> I have win98se, Opera 6.01 Browser and
> zone alarm pro. What am I supposed to put
> in the subject line?? I have no problem
> with the time zone except where to put it.
> 
> The instructions are for all kind
> of obscure firewall programs such as sonicwall
> and raptor, but nothing about zone alarm.
> Somebody please take the time to post the
> procedure please, I'm sure others have come
> to this roadblock after going thru the sign
> up process.  Thanks.     Mel.
> 
> How to send firewall logs to DShield as email
> 
> Report submissions are accepted via e-mail. The email has to be sent to 'reports at dshield.org'. Please submit at least once a day, if possible, but no more often than once an hour.
> 
> The subject line of the email should identify the format and the UserID (if known.) Please use one of the following formats:
> 
> Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname
> Version #]
> Linux 2.2.x Kernel format (ipchains)
> 
> Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.4.x Kernel format (iptables)
> 
> Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> 
> SonicWall format as created by the SonicWall firewall
> 
> Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> 
> Raptor format as created by the Raptor firewall
> 
> Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> 
> DShield format
> 
> DShield is the preferred format.
> 
> (12345 is the UserID in this case. Please substitute your own UserID.)
> TZ -05:00 would be for EST (Eastern Standard Time) Please put in your own time zone.
> Determine your time zone from this list:
> 
> (Optional) ClientName Version # should be the name of the client program and its version number. This is optional, but, if included, this helps us to debug any problems. Do not include the [] brace characters--they are to indicate that this is optional.
> 
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: Re: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 11:39:00 -0500
> De: "Shawn Cox" <shawn.cox at pcca.com>
> Responder a: list at dshield.org
> A: <list at dshield.org>, <Foxtail at emailaccount.com>
> Referencias: <20020523061428.D7F9436F9 at sitemail.everyone.net>
> 
> Have you tried Visual Zone?
> http://www.dshield.org/windows_clients.html#visualzone
> 
> http://www.visualizesoftware.com/visualzone/visualzone.htm
> 
> --Shawn
> 
> ----- Original Message -----
> From: "melvin smith" <Foxtail at emailaccount.com>
> To: "/" <list at dshield.org>
> Sent: Thursday, May 23, 2002 1:14 AM
> Subject: [Dshield] submit firewall logs
> 
> > I've been trying for a long time to figure out
> > how to submit firewall logs to dshield.
> > I have win98se, Opera 6.01 Browser and
> > zone alarm pro. What am I supposed to put
> > in the subject line?? I have no problem
> > with the time zone except where to put it.
> >
> > The instructions are for all kind
> > of obscure firewall programs such as sonicwall
> > and raptor, but nothing about zone alarm.
> > Somebody please take the time to post the
> > procedure please, I'm sure others have come
> > to this roadblock after going thru the sign
> > up process.  Thanks.     Mel.
> >
> >
> > How to send firewall logs to DShield as email
> >
> > Report submissions are accepted via e-mail. The email has to be sent to
> 'reports at dshield.org'. Please submit at least once a day, if possible, but
> no more often than once an hour.
> >
> > The subject line of the email should identify the format and the UserID
> (if known.) Please use one of the following formats:
> >
> > Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname
> > Version #]
> > Linux 2.2.x Kernel format (ipchains)
> >
> > Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> > Linux 2.4.x Kernel format (iptables)
> >
> > Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > SonicWall format as created by the SonicWall firewall
> >
> > Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > Raptor format as created by the Raptor firewall
> >
> > Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > DShield format
> >
> > DShield is the preferred format.
> >
> > (12345 is the UserID in this case. Please substitute your own UserID.)
> > TZ -05:00 would be for EST (Eastern Standard Time) Please put in your own
> time zone.
> > Determine your time zone from this list:
> >
> > (Optional) ClientName Version # should be the name of the client program
> and its version number. This is optional, but, if included, this helps us to
> debug any problems. Do not include the [] brace characters--they are to
> indicate that this is optional.
> >
> > _____________________________________________________________
> > A free email account your friends will never forget!
> > Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> >
> > _____________________________________________________________
> > Promote your group and strengthen ties to your members with
> email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> >
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: RE: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 12:38:11 -0400
> De: "Wayne Larmon" <wlarmon at dshield.org>
> Responder a: list at dshield.org
> A: <list at dshield.org>
> 
> > I've been trying for a long time to figure out
> > how to submit firewall logs to dshield.
> > I have win98se, Opera 6.01 Browser and
> > zone alarm pro. What am I supposed to put
> > in the subject line?? I have no problem
> > with the time zone except where to put it.
> >
> > The instructions are for all kind
> > of obscure firewall programs such as sonicwall
> > and raptor, but nothing about zone alarm.
> > Somebody please take the time to post the
> > procedure please, I'm sure others have come
> > to this roadblock after going thru the sign
> > up process.  Thanks.     Mel.
> 
> It looks like you are on the page that describes how to write a client.  You
> don't need to do that, because there are already clients written to convert
> ZoneAlarm Pro logs to our DShield format and main them in.
> 
> Look at our Windows clients page.
> http://www.dshield.org/windows_clients.html  You can use either our own
> "Universal Firewall Client", or VisualZone.  Both are free.  VisualZone does
> more analysis of your ZoneAlarm log than our own client does.
> 
> Wayne Larmon
> wlarmon at dshield.org
> 
> > How to send firewall logs to DShield as email
> >
> > Report submissions are accepted via e-mail. The email has to be
> > sent to 'reports at dshield.org'. Please submit at least once a day,
> > if possible, but no more often than once an hour.
> >
> > The subject line of the email should identify the format and the
> > UserID (if known.) Please use one of the following formats:
> >
> > Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname
> > Version #]
> > Linux 2.2.x Kernel format (ipchains)
> >
> > Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> > Linux 2.4.x Kernel format (iptables)
> >
> > Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > SonicWall format as created by the SonicWall firewall
> >
> > Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > Raptor format as created by the Raptor firewall
> >
> > Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> >
> > DShield format
> >
> > DShield is the preferred format.
> >
> > (12345 is the UserID in this case. Please substitute your own UserID.)
> > TZ -05:00 would be for EST (Eastern Standard Time) Please put in
> > your own time zone.
> > Determine your time zone from this list:
> >
> > (Optional) ClientName Version # should be the name of the client
> > program and its version number. This is optional, but, if
> > included, this helps us to debug any problems. Do not include the
> > [] brace characters--they are to indicate that this is optional.
> >
> > _____________________________________________________________
> > A free email account your friends will never forget!
> > Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> >
> > _____________________________________________________________
> > Promote your group and strengthen ties to your members with
> > email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: RE: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 17:53:16 +0100
> De: "Kevin Whelan" <Kevin at mfs-group.co.uk>
> Responder a: list at dshield.org
> A: <list at dshield.org>
> 
> I have been trying to find for a while if there is an easy way to submit
> ISA logs.  Does anyone know of any ways of doing this.
> 
> Thanking you in advance
> 
> 
> Kevin Whelan
> IT Manager
> 
> MFS
> 235 The Broadway
> Wimbledon
> London
> SW19 1SD
> 
> http://www.mfs-group.co.uk
> Tel.   020 8543 6244
> Fax.   020 8545 5377
> 
> This e-mail message and any attachment may contain confidential
> information intended for the addressee(s) only.
> 
> If you are not a named recipient or if you have received it in error,
> please e-mail the sender or telephone 020 8543 6244 and then delete the
> message from your system.  You should not read, use, copy, forward or
> disclose the contents to anyone else.
> 
> Unless the content of this e-mail has been approved by MFS IFA, any
> views or opinions expressed are those of the sender and do not
> necessarily represent those of the company.
> 
> As the internet is capable of corrupting data, and as e-mails can be
> intercepted, MFS will accept no responsibility for any loss of data, or
> damage caused if this email or any attachments contain a virus.
> 
> -----Original Message-----
> From: melvin smith [mailto:Foxtail at emailaccount.com]
> Sent: 23 May 2002 07:14
> To: /
> Subject: [Dshield] submit firewall logs
> 
> I've been trying for a long time to figure out
> how to submit firewall logs to dshield.
> I have win98se, Opera 6.01 Browser and
> zone alarm pro. What am I supposed to put
> in the subject line?? I have no problem
> with the time zone except where to put it.
> 
> The instructions are for all kind
> of obscure firewall programs such as sonicwall
> and raptor, but nothing about zone alarm.
> Somebody please take the time to post the
> procedure please, I'm sure others have come
> to this roadblock after going thru the sign
> up process.  Thanks.     Mel.
> 
> How to send firewall logs to DShield as email
> 
> Report submissions are accepted via e-mail. The email has to be sent to
> 'reports at dshield.org'. Please submit at least once a day, if possible,
> but no more often than once an hour.
> 
> The subject line of the email should identify the format and the UserID
> (if known.) Please use one of the following formats:
> 
> Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.2.x Kernel format (ipchains)
> 
> Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.4.x Kernel format (iptables)
> 
> Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> 
> SonicWall format as created by the SonicWall firewall
> 
> Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> 
> Raptor format as created by the Raptor firewall
> 
> Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> 
> DShield format
> 
> DShield is the preferred format.
> 
> (12345 is the UserID in this case. Please substitute your own UserID.)
> TZ -05:00 would be for EST (Eastern Standard Time) Please put in your
> own time zone. Determine your time zone from this list:
> 
> (Optional) ClientName Version # should be the name of the client program
> and its version number. This is optional, but, if included, this helps
> us to debug any problems. Do not include the [] brace characters--they
> are to indicate that this is optional.
> 
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with
> email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: [Dshield] blacklist parsing help
> Fecha: Thu, 23 May 2002 12:53:23 -0500 (CDT)
> De: bradw <tildar at sta-care.com>
> Responder a: list at dshield.org
> A: list at dshield.org
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> all i want is a file with 1 ip/mask per line.
> trying to modify get_block.pl to do this
> 
> why is this not working?
> 
> # The block list that we downloaded from
> # http://feeds.dshield.org/block.txt
> open (F,"$tmpdir/$filenum");
> 
> open (O,"/etc/blacklist");
> 
> my ($start, $end, $block, $attacks, $name, $country, $email);
> while (<F>) {
>     next if /^#/;
>     ($start, $end, $block, $attacks, $name, $country, $email)=split("\t");
>     if ( ( $start =~ /^[\d\.]+$/ ) && ( $block =~ /^\d+/ ) ) {
>         print O "$start/$block \n";
>     }
> }
> 
> - --
> Brad Wyman           |\      _,,,---,,_
> bradw at sta-care.com  /,`.-'`'    -.  ;-;;,_
> Network Admin      |,4-  ) )-,_. ,\ (  `'-'
> Sta-Care, Inc.    '---''(_/--'  `-'_)
> 
> PGP Fingerprint: 8B1E E12F 3982 0D54 E01C  DFD3 898B 6CA3 ED6F 3E56
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE87SyZiYtso+1vPlYRApJ1AJ46IalL4ShhbjRj5kVuIYCuIfbXKgCffULC
> V42nLIkU0pw8WndwAAIuDds=
> =DWVN
> -----END PGP SIGNATURE-----
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: RE: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 15:25:51 -0500
> De: Nick Calvert <ncalvert at edcodoc.com>
> Responder a: list at dshield.org
> A: "'list at dshield.org'" <list at dshield.org>
> 
> Has anyone heard of anything good about Watchguard firewalls?
> 
> -----Original Message-----
> From: Kevin Whelan [mailto:Kevin at mfs-group.co.uk]
> Sent: Thursday, May 23, 2002 11:53 AM
> To: list at dshield.org
> Subject: RE: [Dshield] submit firewall logs
> 
> I have been trying to find for a while if there is an easy way to submit
> ISA logs.  Does anyone know of any ways of doing this.
> 
> Thanking you in advance
> 
> 
> Kevin Whelan
> IT Manager
> 
> MFS
> 235 The Broadway
> Wimbledon
> London
> SW19 1SD
> 
> http://www.mfs-group.co.uk
> Tel.   020 8543 6244
> Fax.   020 8545 5377
> 
> This e-mail message and any attachment may contain confidential
> information intended for the addressee(s) only.
> 
> If you are not a named recipient or if you have received it in error,
> please e-mail the sender or telephone 020 8543 6244 and then delete the
> message from your system.  You should not read, use, copy, forward or
> disclose the contents to anyone else.
> 
> Unless the content of this e-mail has been approved by MFS IFA, any
> views or opinions expressed are those of the sender and do not
> necessarily represent those of the company.
> 
> As the internet is capable of corrupting data, and as e-mails can be
> intercepted, MFS will accept no responsibility for any loss of data, or
> damage caused if this email or any attachments contain a virus.
> 
> -----Original Message-----
> From: melvin smith [mailto:Foxtail at emailaccount.com]
> Sent: 23 May 2002 07:14
> To: /
> Subject: [Dshield] submit firewall logs
> 
> I've been trying for a long time to figure out
> how to submit firewall logs to dshield.
> I have win98se, Opera 6.01 Browser and
> zone alarm pro. What am I supposed to put
> in the subject line?? I have no problem
> with the time zone except where to put it.
> 
> The instructions are for all kind
> of obscure firewall programs such as sonicwall
> and raptor, but nothing about zone alarm.
> Somebody please take the time to post the
> procedure please, I'm sure others have come
> to this roadblock after going thru the sign
> up process.  Thanks.     Mel.
> 
> How to send firewall logs to DShield as email
> 
> Report submissions are accepted via e-mail. The email has to be sent to
> 'reports at dshield.org'. Please submit at least once a day, if possible,
> but no more often than once an hour.
> 
> The subject line of the email should identify the format and the UserID
> (if known.) Please use one of the following formats:
> 
> Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.2.x Kernel format (ipchains)
> 
> Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.4.x Kernel format (iptables)
> 
> Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> 
> SonicWall format as created by the SonicWall firewall
> 
> Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> 
> Raptor format as created by the Raptor firewall
> 
> Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> 
> DShield format
> 
> DShield is the preferred format.
> 
> (12345 is the UserID in this case. Please substitute your own UserID.)
> TZ -05:00 would be for EST (Eastern Standard Time) Please put in your
> own time zone. Determine your time zone from this list:
> 
> (Optional) ClientName Version # should be the name of the client program
> and its version number. This is optional, but, if included, this helps
> us to debug any problems. Do not include the [] brace characters--they
> are to indicate that this is optional.
> 
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with
> email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> [[ Attachement of type text/html deleted]]
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: RE: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 17:00:02 -0400
> De: "Nickie Westbrook" <Nickie.Westbrook at hmw.com>
> Responder a: list at dshield.org
> A: <list at dshield.org>
> 
> I have one and it has been great so far.. I inherited from our firm
> split.  I am still learning about it but so far it has done everything
> we have asked it to do..
> Nickie Westbrook
> Training and Support
> Helms, Mulliss & Wicker PLLC
> 
> -----Original Message-----
> From: Nick Calvert [mailto:ncalvert at edcodoc.com]
> Sent: Thursday, May 23, 2002 4:26 PM
> To: 'list at dshield.org'
> Subject: RE: [Dshield] submit firewall logs
> 
> Has anyone heard of anything good about Watchguard firewalls?
> 
> -----Original Message-----
> From: Kevin Whelan [mailto:Kevin at mfs-group.co.uk]
> Sent: Thursday, May 23, 2002 11:53 AM
> To: list at dshield.org
> Subject: RE: [Dshield] submit firewall logs
> 
> I have been trying to find for a while if there is an easy way to submit
> ISA logs.  Does anyone know of any ways of doing this.
> 
> Thanking you in advance
> 
> 
> Kevin Whelan
> IT Manager
> 
> MFS
> 235 The Broadway
> Wimbledon
> London
> SW19 1SD
> 
> http://www.mfs-group.co.uk
> Tel.   020 8543 6244
> Fax.   020 8545 5377
> 
> This e-mail message and any attachment may contain confidential
> information intended for the addressee(s) only.
> 
> If you are not a named recipient or if you have received it in error,
> please e-mail the sender or telephone 020 8543 6244 and then delete the
> message from your system.  You should not read, use, copy, forward or
> disclose the contents to anyone else.
> 
> Unless the content of this e-mail has been approved by MFS IFA, any
> views or opinions expressed are those of the sender and do not
> necessarily represent those of the company.
> 
> As the internet is capable of corrupting data, and as e-mails can be
> intercepted, MFS will accept no responsibility for any loss of data, or
> damage caused if this email or any attachments contain a virus.
> 
> -----Original Message-----
> From: melvin smith [mailto:Foxtail at emailaccount.com]
> Sent: 23 May 2002 07:14
> To: /
> Subject: [Dshield] submit firewall logs
> 
> I've been trying for a long time to figure out
> how to submit firewall logs to dshield.
> I have win98se, Opera 6.01 Browser and
> zone alarm pro. What am I supposed to put
> in the subject line?? I have no problem
> with the time zone except where to put it.
> 
> The instructions are for all kind
> of obscure firewall programs such as sonicwall
> and raptor, but nothing about zone alarm.
> Somebody please take the time to post the
> procedure please, I'm sure others have come
> to this roadblock after going thru the sign
> up process.  Thanks.     Mel.
> 
> How to send firewall logs to DShield as email
> 
> Report submissions are accepted via e-mail. The email has to be sent to
> 'reports at dshield.org'. Please submit at least once a day, if possible,
> but no more often than once an hour.
> 
> The subject line of the email should identify the format and the UserID
> (if known.) Please use one of the following formats:
> 
> Subject: FORMAT IPCHAINS USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.2.x Kernel format (ipchains)
> 
> Subject: FORMAT IPTABLES USERID 12345  TZ -05:00 [Clientname Version #]
> Linux 2.4.x Kernel format (iptables)
> 
> Subject: FORMAT SONICWALL USERID 12345  TZ -05:00 [Clientname Version #]
> 
> SonicWall format as created by the SonicWall firewall
> 
> Subject: FORMAT RAPTOR USERID 12345  TZ -05:00 [Clientname Version #]
> 
> Raptor format as created by the Raptor firewall
> 
> Subject: FORMAT DSHIELD USERID 12345  TZ -05:00 [Clientname Version #]
> 
> DShield format
> 
> DShield is the preferred format.
> 
> (12345 is the UserID in this case. Please substitute your own UserID.)
> TZ -05:00 would be for EST (Eastern Standard Time) Please put in your
> own time zone. Determine your time zone from this list:
> 
> (Optional) ClientName Version # should be the name of the client program
> and its version number. This is optional, but, if included, this helps
> us to debug any problems. Do not include the [] brace characters--they
> are to indicate that this is optional.
> 
> _____________________________________________________________
> A free email account your friends will never forget!
> Get YOURNAME at EmailAccount.com  at http://www.emailaccount.com/
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with
> email at yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> [[ Attachement of type text/html deleted]]
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
>   --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> Asunto: RE: [Dshield] submit firewall logs
> Fecha: Thu, 23 May 2002 21:00:42 +0000 (GMT)
> De: "E.B. Dreger" <eddy+public+spam at noc.everquick.net>
> Responder a: list at dshield.org
> A: "'list at dshield.org'" <list at dshield.org>
> 
> NC> Date: Thu, 23 May 2002 15:25:51 -0500
> NC> From: Nick Calvert
> 
> NC> Has anyone heard of anything good about Watchguard firewalls?
> 
> I prefer a straight BSD box.  I've worked with a company that
> loves the thin




More information about the list mailing list