[Dshield] Bad Dest IP reported using CVTWIN and RouterLog

Wayne Larmon wlarmon at dshield.org
Mon Mar 17 13:18:58 GMT 2003


> I've submitted an RFE to Norbert Desautels of GDG Systems (the author of
> RouterLog) to have an option added to RouterLog to include the Dest IP
> in the logfile. He has kindly agreed to add this option to his To Do
> list for RouterLog. This will, of course, have to be syncronized with a
> CVTWIN release so that CVTWIN understands that there is Dest IP included
> in the logfile.
>
> Regards,
>
> --
> John Duksta, CISSP
> email:   john at duksta.org
> home:    617.629.2130

Cool.  Let me know when this happens.  And please send me a sample of the
log in the new format so I can update CVTWIN, because I don't have any
routers that work with Routerlog.

Wayne Larmon
DShield.org

> Wayne Larmon wrote:
> >>Would getting the "External IP Address" into the log files as above
> >>satisfy dShield's "policy that our clients will only extract destination
> >>IPs if they are in a log file." It should also keep track of the
> >>changing IP address, so that the log reflects the real probes, what
> >>address and port were probed and when, no matter how long of a delay
> >>occurs until the data is reported. That would keep the data as
> >>trustworthy, and accurate, as possible.
> >
> >
> > Yes.  If the IP is in the log, then we will use it.
> >
> > Wayne Larmon
> > DShield.org




More information about the list mailing list