[Dshield] Bad Dest IP reported using CVTWIN and RouterLog
wlarmon at dshield.org
Mon Mar 17 13:18:58 GMT 2003
> I've submitted an RFE to Norbert Desautels of GDG Systems (the author of
> RouterLog) to have an option added to RouterLog to include the Dest IP
> in the logfile. He has kindly agreed to add this option to his To Do
> list for RouterLog. This will, of course, have to be synchronized with a
> CVTWIN release so that CVTWIN understands that there is Dest IP included
> in the logfile.
> John Duksta, CISSP
> email: john at duksta.org
> home: 617.629.2130
Cool. Let me know when this happens. And please send me a sample of the
log in the new format so I can update CVTWIN, because I don't have any
routers that work with RouterLog.
> Wayne Larmon wrote:
> >>Would getting the "External IP Address" into the log files as above
> >>satisfy DShield's "policy that our clients will only extract destination
> >>IPs if they are in a log file"? It should also keep track of the
> >>changing IP address, so that the log reflects the real probes, what
> >>address and port were probed and when, no matter how long of a delay
> >>occurs until the data is reported. That would keep the data as
> >>trustworthy, and accurate, as possible.
> > Yes. If the IP is in the log, then we will use it.
> > Wayne Larmon
> > DShield.org