[Dshield] Unable to submit reports

Dave Simmons s67bigdave at verizon.net
Tue Aug 5 20:08:05 GMT 2003


Hello,

When I try to submit reports using VisualZone, with the mail server set to 
"mail.dshield.org" I get the following error message:

---------
Writing E-mail.
Connecting to mail.dshield.org.
Status: Resolving hostname mail.dshield.org.
Status: Connecting to 65.173.218.103.
Status: Disconnecting from 65.173.218.103.
Status: Not connected.
Socket Error # 10051
Network is unreachable.

An error occured while trying to submit the intrusion report to 
reports at dshield.org.

Please check your internet connection and verify that the DShield settings 
in the VisualZone configuration window are correct.
----------

This happens every time I try to submit a report.


My ISP's mail server requires authentication and the VisualZone program 
does not support email authentication and I have been informed that there 
are no plans to do so.

When trying to use the DShield Universal Firewall Client, cvtwin.exe, to 
send the reports, it seems to work. At least there are no errors reported. 
This program is also set to send reports using "mail.dshield.org". However, 
when I get my next "Daily DShield Report" it says that I have not submitted 
a report.

To submit reports, I use cvtwin.exe to convert the ZoneAlarm log and display 
the results in "DShield" format. Then I copy and paste the results into a 
text editor to correct the following errors:

Remove any spaces at the end of the lines.
Change space-tabs to tabs.
Change spaces to tabs.

And then, if I forget to do the corrections in that order:

Change the double tabs to tabs.
Remove the tabs at the end of the lines.

The following lines are actual lines generated by cvtwin.exe. (Except, of 
course, for my added notes and changes.)

2003-08-04 08:44:48 
-07:00      useridxx        1       65.83.176.90    8       67.225.104.207 
0       ICMP
                 ^            ^
             space     space 
                               and a space at the end of the line


2003-08-04 13:59:50 
-07:00      useridxx        1       80.224.67.182   2064    67.225.104.202 
17300   TCP     S
                 ^            ^
             space     space 
                            and a space-tab between the TCP and S


I copy and paste the results from the editor to my email program and send 
it to reports at dshield.org.

And then, I still end up with something like that below, when I receive the 
confirmation email:
--------
Lines in file: 389
                   Lines rejected: 46
Unique lines written to database: 344
   identical lines are added up on import.

   rejected lines (up to 10)
   -> --=======5AE25989=======
   -> Content-Type: text/plain; x-avg-checked=avg-ok-64A0732; 
charset=us-ascii; format=flowed
   -> Content-Transfer-Encoding: 8bit
   -> 27829      TCP     S
   -> 6346       TCP     S
   -> 6346       TCP     S
   -> 6346       TCP     S
   -> 6346       TCP     S
   -> 6346       TCP     S
---------


Any ideas about what is going on? Any possible solutions? Why can't I send 
reports using mail.dshield.org?


Software:
OS:             Win98SE (with all updates applied)
Email:          Eudora v5.2.1
Firewall:       ZoneAlarm v3.7.193 (to be updated to 3.7.202 after this is 
sent)
Client:         DShield Universal Firewall Client, cvtwin.exe v1.1.31
Client:         VisualZone v5.7


Yours,

Dave Simmons
822WU/2.07yrs   fiawol
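
Added example (not part of the original post, and not DShield or cvtwin.exe code): a pre-send check that applies the whitespace cleanup steps in the order the post lists them, then flags lines that do not begin with a date or are cut short, like the fragments listed in the confirmation e-mail. The function names, the constructed sample, and the 10-field minimum (counted from the post's ICMP line after cleanup) are assumptions.

```python
import re

# Constructed sample modelled on the lines quoted in the post: "\t" stands for
# the wide gaps, single spaces are literal. Lines 3 and 4 simulate one record
# that a mail client wrapped in two.
SAMPLE = (
    "2003-08-04 08:44:48 -07:00\tuseridxx\t1\t65.83.176.90\t8\t67.225.104.207\t0\tICMP \n"
    "2003-08-04 13:59:50 -07:00\tuseridxx\t1\t80.224.67.182\t2064\t67.225.104.202\t17300\tTCP \tS\n"
    "2003-08-04 14:02:11 -07:00\tuseridxx\t1\t80.224.67.182\t2065\t67.225.104.202 \n"
    "6346\tTCP\tS\n"
)

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\t")  # a record starts with YYYY-MM-DD


def normalize(line):
    """Apply the post's manual cleanup steps, in the order the post gives."""
    line = line.rstrip(" ")               # remove spaces at end of line
    line = line.replace(" \t", "\t")      # space-tab -> tab
    line = line.replace(" ", "\t")        # remaining spaces -> tabs
    line = re.sub(r"\t{2,}", "\t", line)  # double tabs -> tab
    return line.rstrip("\t")              # remove tabs at end of line


def check(text, min_fields=10):
    """Return (clean_lines, rejected); rejected holds (lineno, reason, line)."""
    clean, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = normalize(raw)
        if not line:
            continue
        if not DATE_RE.match(line):
            rejected.append((lineno, "no leading date", line))
        elif len(line.split("\t")) < min_fields:
            rejected.append((lineno, "too few fields", line))
        else:
            clean.append(line)
    return clean, rejected


if __name__ == "__main__":
    ok, bad = check(SAMPLE)
    print(f"{len(ok)} lines ready to send, {len(bad)} flagged")
    for lineno, reason, line in bad:
        print(f"  line {lineno}: {reason}: {line!r}")
```

Running the same check on the text as it appears in the mail client's outgoing message, not only in the editor, shows whether the client re-wraps long lines before sending.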

