[unisog] Dshield like submission for local campus

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Mon Jun 13 20:04:18 GMT 2005


On Mon, 13 Jun 2005 11:23:44 PDT, Peter Van Epp said:

> 	From a position of ignorance on how easy this would be (and recognizing
> that it may be more work than you can afford) I'd think a filter which would
> probably need to be custom by reporting agent (which is why it may not be 
> feasible) on your end would be the answer. Certainly most of the folks here
> that run firewalls (and on occasion complain to me about being "attacked") 
> wouldn't be able to make that determination on their own.

I basically ended up adding a bunch of MySQL code that nuked those things that
I was able to determine were busticated reports.  At that point in the data flow,
the reporting agent isn't known anymore, but it didn't really matter for the
*really* egregious stuff.  I probably could do a little better by putting the
smarts into the parser code - but that seemed like less payback for more work...