[Dshield] Question about DShield log parsing

Pete Cap peteoutside at yahoo.com
Thu Jan 12 21:45:09 GMT 2006

 I had a quick question about how logs are processed for DShield.
 When you submit a log, and you traffic is analyzed to be added to the port summaries, does it include both incoming and outgoing traffic?
 I mean, if you have a webserver then you would expect to submit a lot of port 80 hits.  What if you just have a lot of guys who surf the internet all day?  The destination port in all those transactions is going to be 80--so would it show up the same as if you were hosting a busy webserver?
 Just wondering...

Yahoo! Photos
 Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.

More information about the list mailing list