[Dshield] Is DShield Dead?

Robert Nelson nelsrob at mts.net
Mon Jun 20 21:51:11 GMT 2005


This is how it works:

The BEFSR41 router sends a UDP packet to port 162 of the PC it is configured
to send logs to. If the PC is off, then the data is basically lost. You can
still log into the router to view log data it collected while your PC is
off, but there's not much point at trying to submit it, as the router does
not have a time stamp on those logs.

The logging software on your computer must be running to collect the data as
the router sends it. So you should have it start when Windows starts. Just
add it to the startup menu.

If you power off your PC when not in use, then what you may consider is
submitting the log just before you shut down.

I would recommend the WallWatcher/WW2DShield program, as it's probably the
easiest to use for this.

At the very least, DShield would get the info from when you are up and
running, which is still better than nothing.

Enjoy!

Robert

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Alan Frayer
Sent: June 20, 2005 4:24 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Is DShield Dead?


Robert Nelson wrote:

>A Linksys BEFSR41 will work, Alan. Visit
>http://www.dshield.org/windows_clients.php#universal.
>
>You will need to configure your router for logging. Log into your router,
>and go to the Administration section. Look for the "Log" link there, and
>tell the router to log. You will need to know the IP Address the router has
>assigned to the PC you wish to have the logs sent to.
>
>
I knew the router logged, but didn't realize it would send the log to a
PC. This is good.

>You will need to install the logviewer program that should be on your
>Linksys installation CD.
>
>
I may have even installed it... but, it does require the PC to be
running when the router sends the log (doesn't it??? Or does the logger
pull the log?). This may be a problem for many households such as my
own, where the PCs are powered down when they aren't being used. If the
logger pulls the logs, and DShield doesn't mind intermittent reporting,
then I'm happy to oblige!

>You can use the DShield client listed on the Dshield site (CVTWIN) or use
>something like WallWatcher, which is free. It is available at
>http://www.wallwatcher.com/ - you will also need to download the WW2DShield
>program from there as well..
>
>
I will look into this.

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list