[Dshield] How representative?

Johannes Ullrich jullrich at euclidian.com
Mon Mar 24 22:41:40 GMT 2003

> I'm 
> wondering how many intrusion attempts the average DSL or Cable subscriber 
Right now, we have about 20-40 records per target IP per day.

> BTW, what is the relationship between DShield and ISC?

DShield and ISC use the same database (and actually run on the
same machines). DShield is essentially the collection engine and
the 'personalized' functions, while ISC fullfills the "public 
window" into the data. There is of course quite a bit of overlap.
Some of this is 'historic'. The original idea, which still stands,
was to setup multiple collection sites that feed summaries to the

Regarding coverage, it is kind of hard to tell. We do have a decent
geographic dispersion of submitters. However, in Asia, in particular
China, we are very thin (if anybody wants to recruit some submitters ;-) ).

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

More information about the list mailing list