>
> I saw that Johannes but I am unclear as to how they are getting their
> math. The main contributor as far as I know is your site - last I checked
> you are watching ports denied as opposed to actual IDS event. Is there
> some hand correlation here?
>

dShield.org not only analyzes 'plain firewall' logs, but setup a special
track for code red logs. You are invited to se regular web logs to
'codereddshield.org'. Apache makes a great IDS for code red.

Also, the large number of sensors present within dshield allows us to
correlate quickly and pinpoint scans even if they only target a limited
subnet at first.

-- 
-------
jullrichsans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]