[unisog] Dshield like submission for local campus
Valdis.Kletnieks at vt.edu
Mon Jun 13 20:04:18 GMT 2005
On Mon, 13 Jun 2005 11:23:44 PDT, Peter Van Epp said:
> From a position of ignorance on how easy this would be (and recognizing
> that it may be more work than you can afford) I'd think a filter which would
> probably need to be custom by reporting agent (which is why it may not be
> feasible) on your end would be the answer. Certainly most of the folks here
> that run firewalls (and on occasion complain to me about being "attacked")
> wouldn't be able to make that determination on their own.
I basically ended up adding a bunch of MySQL code that nuked those things that
I was able to determine were busticated reports. At that point in the data flow,
the reporting agent isn't known anymore, but it didn't really matter for the
*really* egregious stuff. I probably could do a little better by putting the
smarts into the parser code - but that seemed like less payback for more work...