[Dshield] DShield vs. Symantec: new features?

Johannes B. Ullrich jullrich at sans.org
Thu Jan 8 14:49:41 GMT 2004

> Assume a large scale attack is launched (new virus like blaster or slammer), 
> wouldn't it be great if the local security system could be automatically 
> warned?

We do have an RSS feed, that may be useful:

it does include the infocon. 

I would be careful with automating a response based on this.
Maybe the response should be to wake the sysadmin? Not to
shut down any port?

Even if we would offer a https or signed version of this feed,
the response will still depend on your local network. It is
hard to predict what any change will do ("close port 80", "shut down
mail server" ?).

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040108/fae741d4/attachment.bin

More information about the list mailing list