[Dshield] Is DShield Dead?

David Taylor ltr at isc.upenn.edu
Mon Jun 20 22:35:02 GMT 2005

I was talking with rras on #dshielders about this and I get a feeling that
people use Dshield for different reasons.  A lot of us are interested in the
feature that lets us help the community by uploading our logs to Dshield
where the attacks can be organized in a database which can then be used to
track attack trends, etc (globally).  Some seem to want detailed reports
pertaining to their own network.  

What would be the possibility of building the local reporting part of
dshield into the client (rras's recommendation unless it is a bad idea where
I will take credit =) ).  Data can be sent to Dshield but locally their own
reports can be generated? This would take a lot of processing off the
servers SANS has provided and target processing at the client level?

Just a thought.

David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR at ISC.UPENN.EDU               (215) 898-1236

SANS - The Twenty Most Critical Internet Security Vulnerabilities 

SANS - Internet Storm Center

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Monday, June 20, 2005 7:42 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Is DShield Dead?

> As I sit here and look at what has transpired in the DShield list in the 
> 20/30 days I see very little. Ever since it was unofficially announced
> DShield went "commercial." 

Could you fill me in on this please? I think I am *running* DShield, and 
had no idea that it went "commercial" ;-)

Personally, I do make a living working for SANS, and SANS is nice enough 
to allow me to spend a good chunk of my paid time on DShield/ISC. But 
this hasn't happened recently (happened about 4 years ago).

> There has been very little other than complaints 
> that logging which still does not work (over two months now). We have the 
> Handlers Diary that provides more information about what is happening than

> what shows up in the list. "Names" I used to see talking here are now 
> talking in other lists.

Complaints about DShield are on topic for this list. Actually, its kind 
of what the list was originally started for. I made a few attempts in 
the past to split the list into a "security" and a "DShield" list, but 
it hasn't worked in the past.

> Why did DShield decide to not tell "us" that they went commercial, was
> an oversight?

Maybe the other lists you are hanging out on are not all that great ;-)

> Have the "new" duties of Johannes; caused things that used to happen, here

> not happen?

Well, I do have other duties aside from taking care of DShield. As such, 
there is of course limited time to attend to various problems. Over the 
last months, I spent most of the time on the road for various reasons, 
so yes, DShield hasn't gotten a lot of attention.

After all, DShield is NOT COMMERCIAL, but I do have to make a living ;-)

> Are the Handlers that once used to be "volunteers" being compensated for 
> their efforts?

Handlers are not compensated for their effort. At this point, each 
handler receives a free (but very cool) handler shirt and a couple of 
Internet Storm Center bumper stickers.

> I fully expect Deb to answer as she seems to be Johannes voice over the 
> last couple of months. Thank You Deb!

Yes. Thanks Deb! She is great when it comes to draw my attention to high 
priority issues.

Of course: feel free to post a follow up post of the kind you would like 
to see on this list ;-)

Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
  security at our bank" Matt, Network Administrator.

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list