[Dshield] new fightback system

Johannes B. Ullrich jullrich at sans.org
Mon Jun 14 20:02:18 GMT 2004




Last night, I took a new fightback system live. The purpose
of this system is twofold:

- improve performance. The old system didn't keep up with the
  reports and in addition caused the data imports to slow down.
  So under heavy load, this caused not only outbound fightbacks
  to slow down to a crawl, but it also caused the fightback
  system to block new imports.
- better transparency for users. The old system didn't provide
  much feedback about its status. Not only was it hard to 
  debug, but it was hard to communicate to you (users of the
  system) what it is actually doing.

At this point, the automatic fightback messages are integrated
into this system. The user-triggered messages will be integrated
shortly (just waiting for a couple days to work out any bugs).

To check the fightback system's status, see:
http://www.dshield.org/fightback_status.php

The numbers are not quite right yet, as some of them still reflect
some of the testing I have done. (e.g. the table at the
bottom was reset a couple times and the 'sent' count is lower
than the actual number). Over the next day or so, this
should improve.

Whenever new reports are processed, the new system will screen
the batch for likely fightback candidates and add them to a
fightback queue. A second script will then run through this
queue, do some more detailed verification and if the report
passes, a fightback message will be sent.

BTW: we are very close to sending out the 1 millionth message ;-).

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm