[Dshield] Newbie submission questions
an037-0m26i at yahoo.com
Fri Jun 17 03:36:01 GMT 2005
Responding to the ISC rally a few days ago for high-speed home users to
join, I have joined. But I have some questions (and I haven't found a
FAQ that addresses them). I posed the first question below to
info at dshield.org, but I haven't received a response. (For some reason,
it also took a few times trying to subscribe to this list before I got a
mailman "confirm" number. Hmm.)
The Linux iptable script send log submissions to report at dshield.org.
However, all the documentation indicates that submissions should go to
reports at dshield.org (extra s). report at dshield.org seems to work, but is
all the documentation wrong or are the two addresses supposed to be
equivalent? I tried sending to "reports" once, but I didn't get an
acknowledgment email. Sending to "report" results in acknowledgment
emails and increases in line counts on the reporting web page.
Acknowledgment emails say "PGP: No" at the bottom. Taking a hint from
http://www.dshield.org/pgp_doc.php, I hacked the .pl script to add a GPG
signature, and I uploaded my public key to my DShield profile (days
ago). I have tested the resultant email. Enigmail, the Mozilla Mail
GPG plugin, verifies the signature, so I know my hack is good. However,
the acknowledgment emails say the GPG signature lines are rejected, and
the bottom still says "PGP: No." What's up?
The (expired January 2005) GPG key to encrypt submissions is for
reports at dshield.org. I did find an old key (expired 2001 sometime, I
think) for report at dshield.org. Does DShield support encryption
currently (unrecognized correct signatures suggest not)? What should be
the recipient address for encrypted mail: report, reports, or something
Thanks for any wisdom you can provide.
More information about the list