[Dshield] Is DShield Dead?

Joel Esler eslerj at gmail.com
Mon Jun 20 11:35:19 GMT 2005

I received my first DShield report today in about a month.  WOO HOO!!


On Jun 20, 2005, at 7:10 AM, Chris Brenton wrote:

> On Sun, 2005-06-19 at 22:25, Al Reust wrote:
>> Scrap as I drag out the Soap Box, as security no longer seems to be
>> happening here.
> WAHOOO! A soap box being dragged out and it's not me on top of it. ;-)
> <disclaimer>
> I do not work for DShield and/or SANS and never have. I do however
> contract for SANS to author course material and teach at conferences. I
> do not represent either organization and make no claim to.
> </disclaimer>
>> My day consists of...
> The same stuff most of us go through. In the SANS 502 track I have a
> little speech about "If you are here you are obsessive compulsive but
> that's not necessarily a bad thing" that I do. Pretty much mirrors your
> description.
>> As I sit here and look at what has transpired in the DShield list in the
>> 20/30 days I see very little.
> I have not kept score, but it does *seem* like the S/N ratio is a little
> higher than it used to be. This thread is probably a good example. We
> saw this on the intrusion list at incidents.org where the S/N got so
> high people started bailing. I would hate to see that happen here.
> Perhaps it's time to spawn a dshield-admin/advocate/info or similar list
> so this type of thing can be offloaded there.
>> Ever since it was unofficially announced that
>> DShield went "commercial." There has been very little other than complaints
>> that logging which still does not work (over two months now).
> Hummm. I'm not aware of any corporate structure change within DShield.
> It's still partially backed by SANS and partially backed by community
> involvement. There have been some changes over time (like the banner ads
> at the end of the e-mails) but evolution is a fact of life. It's still
> mostly driven by Johannes overworking himself. Personally I have a lot
> of respect for the guy not only for what he knows, but for how much he
> has given to the security community. You would be hard pressed to find
> anyone else in this industry who has given up as much of their free time
> to helping us all out. Johannes gets very little of the credit he
> actually deserves.
>> We have the
>> Handlers Diary that provides more information about what is happening than
>> what shows up in the list.
> This is easy to fix, contribute. If there is something going on in the
> industry that you feel needs to be discussed, start a thread on it. One
> thing which is cool about this list is that general security discussions
> are permitted. It's not just limited to talk about Dshield. If you see a
> hole, plug it by asking a question or starting an FYI thread.
>> "Names" I used to see talking here are now talking in other lists.
> Again, things evolve, change, move around. It's a fact of life. Refer to
> your job description, and it's not uncommon for folks to get burned out.
> I myself used to post on different lists quite a lot, took a break, and
> I'm just getting back into it.
>> Why did DShield decide to not tell "us" that they went commercial, was this
>> an oversight?
> Speaking for just myself here, I'm hard pressed to feel like
> Johannes/DShield owes me anything. If I look at what I have put into the
> entity Vs. what I have received back, I'm the clear winner. I too have
> used information off of this site to help me work more effectively and
> be better at my job.
>> At this point I feel that most felt that the efforts of many
>> individuals (who helped them gain status) have been insulted.
> Again, speaking only for myself (someone who has contributed to DShield
> but granted very little compared to Johannes and many others) I'm not
> sure how "insulted" works into the picture. I recognize that Johannes
> has done a lot for the community and that his heart is in the right
> place. I also realize that I don't know as much about what's going on
> behind the scenes as he does, and that he is doing the best he can with
> what he has to work with. So I guess for me it's a matter of whether you
> trust him or not. Given what he has done for us so far I trust the guy.
>> Has the Community lost confidence in DShield?
> Here's the question that caused me to hit the "Re:" button in the first
> place. ;-) I don't think this is a problem with DShield, so much as a
> problem with the industry in general. Five years ago you saw the white
> hat side being *far* more proactive in addressing what ails us. This has
> tapered off over the last few years, I *think* out of frustration and
> burn out. So this is not just happening here, it's happening all over.
> Kind of scary as attacks are getting far more coordinated and
> sophisticated than they used to be. Am I implying we are losing the
> security war? I think we take three steps forward and two steps back.
> For example you see a lot more sites at least having some semblance of
> perimeter security than you used to. Unfortunately you are also seeing a
> lot more tools specifically designed to breach a perimeter so basic
> security is not nearly enough anymore.
>> Has going "commercial" caused DShield to lose the trust of those that
>> felt it was a very worthwhile area to converse?
> Again, I don't claim to speak for the entire community. I can only speak
> for myself. Having half a clue about what it takes to pull together what
> Johannes has assembled, I am extremely thankful he's on our side and has
> provided this level of community exchange of information.
>> Have the "new" duties of Johannes caused things that used to happen here
>> not happen?
> Please don't take this the wrong way, but this question kind of bugs me.
> It kind of implies that Johannes is responsible to the community or
> "owes us" something. If you were to ask him face to face, I'm sure he
> would tell you that he is. From an outsider's perspective however I have
> to go back to that "I've taken more away from DShield than I've put into
> it". With this in mind I'm hard pressed to feel like he owes me
> anything. Is Johannes busy? Absolutely. Is he rolling in the money from
> DShield? I'm hard pressed to believe that he's not still contributing
> out of his own pocket.
>> Does Dshield plan to correct all this and invite those professionals back?
> I don't speak for Johannes so I'll let him flag this one. My guess is
> he's working as hard as he can to keep the system stable and add in
> improvements.
>> Are the Handlers that once used to be "volunteers" being compensated for
>> their efforts?
> I'm no longer a handler so I can't answer this but I'm guessing "no". I
> did it for three years myself and did it to help the community, not try
> and extract some form of compensation. I was paid in the percentage of
> the Internet I helped to secure. To me that was worth far more. Knowing
> some of the handlers personally, I'm guessing they have similar
> motivations.
>> IF DShield receives monetary gain from information posted via the list of
>> the log submissions, what plans for acknowledgement are in place or will be
>> constructed.
> OK, let's turn this around. You mentioned that you use DShield as a
> source of info to better execute your job. What level of acknowledgment
> and/or compensation do you have in place for that? I don't mean to sound
> like a jerk with that comment, but it's a two-way street. The difference
> is that most of us post logs and/or contribute info when we have it
> available. It's Johannes and crew that deal with figuring out which small
> portions of it actually mean something every day, all day long. They
> also deal with bandwidth issues, hardware issues, and a host of other
> problems that for the most part are pretty invisible to all of us.
>> Please review what is happening in the world and look at which "alerts"
>> have not been posted in this list.  Since 5/18/2005 there have been 5/7
>> items posted that have any relevance...
> I'll admit the S/N seems higher as of late, but not that high. Just in
> the last week I've saved 4 different topic threads with some useful
> info. Heck Fergie posts more than that on a regular basis. ;-)
>> Most of the traffic is that DShield
>> is not correctly processing information (logs) that helped them go commercial.
> Agreed this has been pretty high. Again, maybe it's time to spawn an
> administration list so they don't show up here.
>> I fully expect Deb to answer as she seems to be Johannes' voice over the
>> last couple of months. Thank You Deb!
> Well I'm not Deb but hopefully I've given you a different perspective.
> If you feel like something is missing, get in and fill the gap rather
> than complain, wondering why someone else is not doing it.
> Cheers,
> Chris