[Dshield] Standard Reporting
peteoutside at yahoo.com
Fri Mar 26 02:36:39 GMT 2004
In the interests of brevity, and getting replies and
analysis done a lot sooner, might it not be a good
idea to standardize the way in which people alert the
list to (possibly) malicious activity?
I just want to avoid, if possible, the following:
User1: I'm seeing weird traffic, anyone else getting
User2: What port?
User2: Is that tcp? or UDP?
User3: What IDS solution recorded the data?
User2: And can we please see some records?
User1: Here you go.
User4: Ok, can we get packet captures now?
etc. ad nauseam.
I have a basic idea but I'm open to suggestions...