[Dshield] Bad Dest IP reported using CVTWIN and RouterLog

John Duksta john at duksta.org
Mon Mar 17 12:03:03 GMT 2003


I've submitted an RFE to Norbert Desautels of GDG Systems (the author of 
RouterLog) to have an option added to RouterLog to include the Dest IP 
in the logfile. He has kindly agreed to add this option to his To Do 
list for RouterLog. This will, of course, have to be syncronized with a 
CVTWIN release so that CVTWIN understands that there is Dest IP included 
in the logfile.


John Duksta, CISSP
email:   john at duksta.org
home:    617.629.2130

Wayne Larmon wrote:
>>Would getting the "External IP Address" into the log files as above
>>satisfy dShield's "policy that our clients will only extract destination
>>IPs if they are in a log file." It should also keep track of the
>>changing IP address, so that the log reflects the real probes, what
>>address and port were probed and when, no matter how long of a delay
>>occurs until the data is reported. That would keep the data as
>>trustworthy, and accurate, as possible.
> Yes.  If the IP is in the log, then we will use it.
> Wayne Larmon
> DShield.org

More information about the list mailing list