[Dshield] Question about DShield log parsing

Pete Cap peteoutside at yahoo.com
Thu Jan 12 21:45:09 GMT 2006


All,
 
 I had a quick question about how logs are processed for DShield.
 
 When you submit a log, and your traffic is analyzed to be added to the port summaries, does it include both incoming and outgoing traffic?
 
 I mean, if you have a webserver then you would expect to submit a lot of port 80 hits.  What if you just have a lot of guys who surf the internet all day?  The destination port in all those transactions is going to be 80--so would it show up the same as if you were hosting a busy webserver?
 
 Just wondering...
 
 Regards,
 Pete
 

		