[unisog] Dshield like submission for local campus

Bhandari, Bishwa Bishwa.Bhandari at atosorigin.com
Tue Jun 14 09:45:46 GMT 2005

Interesting page and data.

I have been looking at it for a few days now.
It seems unusual that the "most attacked" port is "67" (bootps).
This is probably just false alerts generated by each DHCP request broadcast packet on the network.

Thanking You,

-----Original Message-----
From: marchany at vt.edu [mailto:marchany at vt.edu]
Sent: 13 June 2005 18:45
To: UNIversity Security Operations Group
Subject: Re: [unisog] Dshield like submission for local campus

>Ok.. I'm not seeing from dshield how one sets this up themselves. Is  
>there a pointer somewhere?

Johannes Ullrich, Dshield developer, has indicated he's willing to let EDU use 
the DSHIELD code to set up local dshield sites like ours 
(http://dshield.cirt.vt.edu). He gave us the code 2 years ago and we modified 
it to fit our site/needs. It will take some work to set up.

Basically, you would get the dshield distribution code from him and install it 
on your system. I don't have his email address handy but if you go to 
www.dshield.org, you can get it from there.


unisog mailing list
unisog at lists.sans.org

This e-mail and the documents attached are confidential and intended 
solely for the addressee; it may also be privileged. If you receive this 
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group 
liability cannot be triggered for the message content. Although the 
sender endeavours to maintain a computer virus-free network, the sender 
does not warrant that this transmission is virus-free and will not be 
liable for any damages resulting from any virus transmitted.

More information about the unisog mailing list