[Dshield] Dshield is alive for me

Martin Sheard martin at mgjs.co.uk
Mon Jun 20 16:08:25 GMT 2005


Why did I join Dshield - simple really, like, I hope, most people that 
are connected to the Internet all day I installed a software firewall as 
soon as I got ADSL. Originally Sygate (free version) but eventually 
after checking a few sites I tried ZoneAlarm (free again but very soon 
went to the Pro version).

To start with things were very quiet mostly and all I really used to see 
were perhaps 100 or so entries against port 137 and occasionally a port 
scan. I started reporting port scans to the offending ISP's and usually 
got a response and a report of the outcome of any action taken. 
Eventually a couple of ISP's suggested that I joined either Dshield or 
MyNetWatchman. After checking out both websites I decided that yes this 
is the way to go, I appreciated that the abuse teams at most ISP's were 
probably inundated with emails complaining about entries from addresses 
in their IP block appearing in somebodies firewall log and it made sense 
to me that if there was someway of collecting all this information that 
a better picture of what was really happening could be seen and then a 
system of sending, hopefully, one email with details to ISP's about 
several firewall logs would ease the load on the abuse teams and allow 
them to deal properly with incidents, naive perhaps but one has to live 
in hope.

As I said earlier, I checked both Dshield and MyNetWatchman, after 
having a browse through the posts to this list I decided that Dshield 
was the one to join. I didn't expect anything from taking part and don't 
really want anything from taking part, for me it enough to just provide 
a copy of my logs and hope they are useful, I agreed to sending 
"fightback" so haven't bothered to send any reports to any abuse team 
since joining. Having said that I didn't expect or want anything from 
taking part I can say that I certainly have received a lot and mostly 
from this list just reading the posts and replies is very educating and 
I hope it will continue to be so.

The problems that have been commented on about not receiving daily 
reports etc., have not applied to me as I have not submitted any for a 
while as I purchased a new router some time ago and although I have no 
problem getting the logs to be able to submit them (both WallWatcher & 
SysLog Daemon work for me) the problem I have is the router only logs 
very few actual entries and sometimes none all day,  (yes I am as 
confident as it is possible to be that the router is blocking everything 
it should be, the default rule for the router is to never log), I sent 2 
emails to "info" at Dshield etc but didn't receive any reply, then from 
this list it became apparent that there were a few problems and that 
Johannes was away so I have decided to wait until things calm down and 
everybody has more time, then I can try again.

So, I for one appreciate everything Johannes and all the Dshield team 
does and try to do, I appreciate all the posts and everybody that 
contributes in any way, therefore from me my thanks to everybody and my 
plea to everybody to please have patience and please continue to keep 
this list alive which to me means keeping the flow of information going.

Martin Sheard




More information about the list mailing list