Security Incidents mailing list archives
Re: Code Red, anyone?
From: "Johannes B. Ullrich" <jullrich () euclidian com>
Date: Wed, 1 Aug 2001 19:25:24 -0400 (EDT)
I saw that, Johannes, but I am unclear as to how they are getting their math. The main contributor as far as I know is your site - last I checked you are watching ports denied as opposed to actual IDS events. Is there some hand correlation here?
dShield.org not only analyzes 'plain firewall' logs, but set up a special track for code red logs. You are invited to send regular web logs to 'codered () dshield org'. Apache makes a great IDS for code red. Also, the large number of sensors present within dshield allows us to correlate quickly and pinpoint scans even if they only target a limited subnet at first.

--
-------
jullrich () sans org Join http://www.DShield.org
Distributed Intrusion Detection System

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
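Added example, not part of the original message and not DShield's code: one way regular Apache access logs can serve as Code Red sensors and be correlated across sites. It assumes Common Log Format and the worm's well-known `GET /default.ida?NNN...` request; the log lines, addresses and sensor names are constructed.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Code Red asks for /default.ida with a long run of one filler letter.
PROBE = re.compile(r'^GET /default\.ida\?([A-Za-z])\1{50,}')

def find_probes(lines):
    """Yield (source, timestamp, status) for each Code Red style request."""
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # ignore malformed lines instead of aborting the run
        host, stamp, request, status = m.groups()
        if PROBE.match(request):
            yield host, stamp, int(status)

def correlate(sensor_logs):
    """Map each probing source to the set of sensors that logged it."""
    seen = defaultdict(set)
    for sensor, lines in sensor_logs.items():
        for host, _stamp, _status in find_probes(lines):
            seen[host].add(sensor)
    return dict(seen)

def widespread(sensor_logs, min_sensors=2):
    """Sources seen by at least min_sensors sensors, sorted."""
    hits = correlate(sensor_logs)
    return sorted(h for h, s in hits.items() if len(s) >= min_sensors)

# Constructed sample data: documentation addresses, hypothetical sensors.
FILLER = "N" * 224
def _hit(ip, t):
    return f'{ip} - - [01/Aug/2001:{t} -0400] "GET /default.ida?{FILLER} HTTP/1.0" 404 276'

SAMPLE = {
    "sensor-a": [
        _hit("192.0.2.10", "10:02:11"),
        '198.51.100.7 - - [01/Aug/2001:10:02:15 -0400] "GET /index.html HTTP/1.0" 200 1043',
        _hit("203.0.113.99", "10:07:02"),
        "truncated line",
    ],
    "sensor-b": [
        _hit("192.0.2.10", "10:03:40"),
        '198.51.100.7 - - [01/Aug/2001:10:08:00 -0400] "GET /default.ida HTTP/1.0" 404 276',
    ],
}

if __name__ == "__main__":
    for source, sensors in sorted(correlate(SAMPLE).items()):
        print(source, sorted(sensors))
    print("seen by 2+ sensors:", widespread(SAMPLE))
```

A plain request for `/default.ida` without the filler is not counted, so ordinary 404 noise does not inflate the source list.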