[unisog] Dshield like submission for local campus

Peter Van Epp vanepp at sfu.ca
Mon Jun 13 18:23:44 GMT 2005


<snip>
> 
> Everybody else - I've discovered the single biggest problem in running one of
> these is that users can never figure out how to submit really good firewall logs
> by themselves (no matter what ICF claims, broadcast packets to port 631 are
> probably *not* attack packets, and need to be filtered out. ;)

	From a position of ignorance on how easy this would be (and recognizing
that it may be more work than you can afford) I'd think a filter which would
probably need to be custom by reporting agent (which is why it may not be 
feasible) on your end would be the answer. Certainly most of the folks here
that run firewalls (and on occasion complain to me about being "attacked") 
wouldn't be able to make that determination on their own.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
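
One way the receiving-end, per-agent filter suggested above could look, as an added example that is not part of the original message. The record fields, the agent labels and the rule table are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import namedtuple

# Normalized submission record. Field names are assumptions for this example;
# local_net is the subnet the submitter declared for the reporting host.
Record = namedtuple("Record", "agent local_net proto src dst dport")

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def is_broadcast(rec):
    """True if dst is 255.255.255.255 or the directed broadcast of local_net."""
    dst = ipaddress.ip_address(rec.dst)
    net = ipaddress.ip_network(rec.local_net)
    return dst == LIMITED_BROADCAST or dst == net.broadcast_address

# Noise rules keyed by reporting agent, since each agent logs different
# benign traffic. Only the ICF rule comes from the thread: broadcast
# packets to port 631 are not attack packets.
NOISE_RULES = {
    "icf": [
        lambda r: r.proto == "UDP" and r.dport == 631 and is_broadcast(r),
    ],
}

def filter_submission(records):
    """Split records into (kept, dropped) using the submitting agent's rules."""
    kept, dropped = [], []
    for rec in records:
        rules = NOISE_RULES.get(rec.agent, [])
        (dropped if any(rule(rec) for rule in rules) else kept).append(rec)
    return kept, dropped

# Constructed sample submission (documentation address ranges).
SAMPLE = [
    Record("icf", "192.0.2.0/24", "UDP", "192.0.2.17", "192.0.2.255", 631),
    Record("icf", "192.0.2.0/24", "UDP", "192.0.2.17", "255.255.255.255", 631),
    Record("icf", "192.0.2.0/24", "TCP", "198.51.100.9", "192.0.2.40", 445),
    # Unicast to 631 from outside is not broadcast noise, so it is kept.
    Record("icf", "192.0.2.0/24", "UDP", "198.51.100.9", "192.0.2.40", 631),
    # No rule set exists for this agent yet, so nothing is filtered.
    Record("other-fw", "192.0.2.0/24", "UDP", "192.0.2.17", "192.0.2.255", 631),
]

if __name__ == "__main__":
    kept, dropped = filter_submission(SAMPLE)
    print(f"kept {len(kept)}, dropped {len(dropped)} as broadcast noise")
```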

