[Dshield] DShield vs. Symantec: new features?
Johannes B. Ullrich
jullrich at sans.org
Thu Jan 8 14:49:41 GMT 2004
> Assume a large scale attack is launched (new virus like blaster or slammer),
> wouldn't it be great if the local security system could be automatically
We do have an RSS feed, that may be useful:
it does include the infocon.
I would be careful with automating a response based on this.
Maybe the response should be to wake the sysadmin? Not to
shut down any port?
Even if we would offer a https or signed version of this feed,
the response will still depend on your local network. It is
hard to predict what any change will do ("close port 80", "shut down
mail server" ?).
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040108/fae741d4/attachment.bin
More information about the list