[unisog] Dshield like submission for local campus
Bishwa.Bhandari at atosorigin.com
Tue Jun 14 09:45:46 GMT 2005
Interesting page and data.
I have been looking at it for a few days now.
It seems unusual that the "most attacked" port is "67" (bootps).
This is probably just false alerts generated by each DHCP request broadcast packet on the network.
From: marchany at vt.edu [mailto:marchany at vt.edu]
Sent: 13 June 2005 18:45
To: UNIversity Security Operations Group
Subject: Re: [unisog] Dshield like submission for local campus
>Ok.. I'm not seeing from dshield how one sets this up themselves. Is
>there a pointer somewhere?
Johannes Ullrich, Dshield developer, has indicated he's willing to let EDU use
the DSHIELD code to set up local dshield sites like ours
(http://dshield.cirt.vt.edu). He gave us the code 2 years ago and we modified
it to fit our site/needs. It will take some work to set up.
Basically, you would get the dshield distribution code from him and install it
on your system. I don't have his email address handy but if you go to
www.dshield.org, you can get it from there.
unisog mailing list
unisog at lists.sans.org
This e-mail and the documents attached are confidential and intended
solely for the addressee; it may also be privileged. If you receive this
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group
liability cannot be triggered for the message content. Although the
sender endeavours to maintain a computer virus-free network, the sender
does not warrant that this transmission is virus-free and will not be
liable for any damages resulting from any virus transmitted.
More information about the unisog