[Dshield] Dshield Reports

Jean-Pierre Schwickerath dshield at hilotec.net
Fri Aug 26 16:24:52 GMT 2005



> Hi,
> 
> I'm considering adding the Dshield Blocklist to my IPTables FW. I do
> have a couple questions.
> 
> Is there a larger list (as in Top 100 subnets)?

Don't know about that but the list at http://feeds.dshield.org/block.txt
is a top-20.

> I'm also considering scripting the Top 10 Offenders list into a chain.
> I am aware that some of those offenders are already blocked by the
> Dshield Blocklist, but not all.
> 
> How often is the Top 10 Offenders list updated?

It's updated quite often. Check the "updated" tag in the block.txt. I
download a copy twice a day. 

The offenders you want to script are the top-10 attacking your
particular host?

I had some troubles to make the get_block.pl running. When running it
from the bash it worked like a charm but as soon as it was called from a
cron job it would only download an empty file. I replaced the
downloading with a wget call and haven't had any troubles since. 

Regards,

Jean-Pierre

-- 
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/


More information about the list mailing list