[Dshield] DShield vs. Symantec
Johannes B. Ullrich
jullrich at sans.org
Wed Jan 7 18:06:52 GMT 2004
> LOL! Yup, because its always better to pay for something rather than get
> it free. ;-)
You don't have to pay to send data. Only to get alerts back you
need to pay ;-)
DShield/ISC is not a managed security service (or whatever the
buzz word is today). We are a community aimed to make each others live
easier. It not that you can sign a check and feel safe. I hope that
by signing up with DShield, you get engaged into the larger topic of
"Security" and start thinking about what you can change to make your
network more secure. Sometimes its a simple as running to Best Buy and
picking up a firewall, in other cases it may be a new corporate
acceptable use policy.
Overall, based on the collaborative model DShield is build around, you
can be assured that by submitting your data you help to find out about
new issues as soon as I do. (I will make another post later about
"research feeds" to answer some questions that came up yesterday in the
port 23 discussion).
> At least when Johannes sends out an alert he's reviewed the data first.
I don't filter manually. But the automatic filters are pretty
tight. (too tight for some users if you look at prior messages
to this list). Overall: its hard enough to get attention from
ISPs. Flooding them with e-mail doesn't increase the number
of hosts cleaned up. While its hard to find an optimum number,
my main goal is to earn a reputation for low-false-positives
(yes, they still happen).
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040107/d97e5d36/attachment.bin
More information about the list