[Dshield] Submitting logs from two devices

Anthony Rodgers Anthony_Rodgers at dnv.org
Fri Feb 9 17:14:57 GMT 2007


Great, Johannes - thanks!

A.

On Feb 8, 2007, at 4:29 PM, Johannes B. Ullrich wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> should work well if you just run two copies of cvtwin. You can use the
> same userid/account for both copies.
>
>
> Anthony Rodgers wrote:
> > Hi there,
> >
> > Is it acceptable to submit logs from two sources (Internet facing
> > firewall and a snort IDS that resides inside the firewall)? My 
> thinking
> > is that our IDS picks up on badness that gets through our firewall's
> > open ports and therefore might provide some additional useful data.
> >
> > If so, is it sufficient to have two instances of the Universal Client
> > running on a machine, using the same DShield ID?
> >
> > Regards,
>
>
> - --
> - ---------
> Johannes Ullrich                        jullrich at sans.org
> Chief Research Officer                     (617) 639 5000
> http://isc.sans.org
> PGP Key: https://secure.dshield.org/PGPKEYS
>
> "We use [isc.sans.org] every day to keep on top of
>  security at our bank" Matt, Network Administrator.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFFy8BaPNuXYcm/v/0RAvozAJ9sj3mgr8jpGhkj17xPPGWnk48aFgCfbSq4
> CjAKly6eDdAOq3kJsnDoQvU=
> =cvL3
> -----END PGP SIGNATURE-----
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)




More information about the list mailing list