[Dshield] Daily Reports Reporting weird

Wayne Larmon wlarmon at dshield.org
Wed Sep 3 19:24:30 GMT 2003


> I signed up and installed the Firewall Client and started submitting my
> ISA Server logs.  Daily reports flow in everyday and I notice something
> weird.  My ISA servers external IP tops the list when it comes to Top
> Port Scanners and Top Sources.
>
> Is something configured wrong?  ISA or firewall client?

Did you configure ISA as is described at
http://www.dshield.org/clients/isa_setup.php

Did you look at the results of the conversion to see that the source IP in
the ISA log are converted to the source IP in the DShield log?  The relevent
section of a DShield log is

....Source IP<tab>Source Port<tab>Target IP<tab>Target Port....

http://www.dshield.org/specs.php#dshield_format

If there is a problem with CVTWIN's conversion, then contact me off list so
we can resolve this.

Wayne Larmon
DShield.org
wlarmon at dshield.org





More information about the list mailing list