[unisog] Dshield like submission for local campus

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Jun 14 18:28:21 GMT 2005


On Tue, 14 Jun 2005 10:45:46 BST, "Bhandari, Bishwa" said:
> It seems unusual that the "most attacked" port is "67" (bootps).
> This is probably just false alerts generated by each DHCP request broadcast packet on the network.

As I said, most sites will end up needing some local filtering to throw out
things that aren't attacks - there are some firewalls (ICF comes to mind) that
don't have a concept of "discard silently" - if you discard the packet, you
generate a log entry.
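An added example (not part of the original message) of the kind of local filtering described above: it drops routine DHCP client broadcasts from firewall discard logs before ranking target ports. The log format, the `LOCAL_NET` subnet and the sample lines are constructed assumptions, not DShield's submission format.

```python
from collections import Counter
import ipaddress

# Constructed sample of firewall "discard" log entries (not real data).
# Assumed format: timestamp proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2005-06-14T09:00:01 udp 0.0.0.0 68 255.255.255.255 67
2005-06-14T09:00:02 udp 0.0.0.0 68 255.255.255.255 67
2005-06-14T09:00:03 udp 10.1.2.30 68 10.1.2.255 67
2005-06-14T09:00:04 tcp 192.0.2.15 4312 10.1.2.9 445
2005-06-14T09:00:05 tcp 198.51.100.7 2211 10.1.2.9 445
2005-06-14T09:00:06 udp 203.0.113.44 3301 10.1.2.9 67
2005-06-14T09:00:07 tcp 192.0.2.15 4313 10.1.2.10 135
garbage line that does not parse
"""

LOCAL_NET = ipaddress.ip_network("10.1.2.0/24")  # assumed campus subnet
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")

def parse(line):
    """Return (proto, src, sport, dst, dport), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, proto, src, sport, dst, dport = parts
    try:
        return (proto.lower(), ipaddress.ip_address(src), int(sport),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def is_dhcp_broadcast(rec):
    """True only for client (68) -> server (67) UDP broadcasts from local hosts."""
    proto, src, sport, dst, dport = rec
    if proto != "udp" or sport != 68 or dport != 67:
        return False
    to_broadcast = dst in (LIMITED_BCAST, LOCAL_NET.broadcast_address)
    from_local = src == UNSPECIFIED or src in LOCAL_NET
    return to_broadcast and from_local

def top_ports(log_text, filter_noise=True):
    """Rank target ports by hit count, optionally discarding DHCP noise."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or (filter_noise and is_dhcp_broadcast(rec)):
            continue
        counts[rec[4]] += 1
    return counts.most_common()
```

The filter is deliberately narrow: a unicast packet to port 67 from an outside address is still counted, so only the broadcast chatter disappears from the ranking.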

