[Dshield] Standard Reporting

Pete Cap peteoutside at yahoo.com
Fri Mar 26 02:36:39 GMT 2004


Greetings, List:

In the interests of brevity, and getting replies and
analysis done a lot sooner, might it not be a good
idea to standardize the way in which people alert the
list to (possibly) malicious activity?

I just want to avoid, if possible, the following:

User1: I'm seeing weird traffic, anyone else getting
this?
User2: What port?
User1: xxx.
User2: Is that tcp? or UDP?
User3: What IDS solution recorded the data?
User2: And can we please see some records?
User1: Here you go.
User4: Ok, can we get packet captures now?

etc. ad nauseum.

I have a basic idea but I'm open to suggestions...

Regards,
Pete

__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html




More information about the list mailing list