Firewall Wizards mailing list archives
Re: "Who else picked this one up?"
From: Lance Spitzner <spitzner () dimension net>
Date: Sat, 1 May 1999 09:51:24 -0400 (EDT)
On Fri, 30 Apr 1999, Marcus J. Ranum wrote:
A few of us (some folks on the list and some of the folks at NFR) have been looking into adding a feature in the next version of Back Officer to allow someone to publish these kinds of records (potentially with a hashed IP address instead of the real one) to a central location for statistics, forensics, and to share within the security community.
Several of us in the Check Point FW1 community have already been doing this. Several months ago I developed a script that uses FW1 to detect scans, log the info in a database, alerts the admin, and then notifies the remote Admin of the scan. http://www.enteract.com/~lspitz/intrusion.html. The FW1 community has been sharing the results. You can find the results at http://www.enteract.com/~lspitz/alert.log. The information published is as follows: Source(real IP address) Date Time Service(what they were probing). You may want to check this at as a starting point for ideas. Note, so far we are not hidding the IP addresses of the source. We have NO intent to become some type of "RBL" for the security community. However, hasing the IP addresses of the source might be a good idea :) Hope this helps .... Lance Spitzner http://www.enteract.com/~lspitz/papers.html Internetworking & Security Engineer Dimension Enterprises Inc
Current thread:
- Re: "Who else picked this one up?" Lance Spitzner (May 01)
- Re: "Who else picked this one up?" dreamwvr (May 03)
- <Possible follow-ups>
- Re: "Who else picked this one up?" Craig H. Rowland (May 01)
- Re: "Who else picked this one up?" R. DuFresne (May 01)
- Re: "Who else picked this one up?" Paul D. Robertson (May 03)
- Re: "Who else picked this one up?" R. DuFresne (May 03)
- Re: "Who else picked this one up?" David Lang (May 04)
- Re: "Who else picked this one up?" Paul D. Robertson (May 04)
- Re: "Who else picked this one up?" R. DuFresne (May 04)
- Re: "Who else picked this one up?" Paul D. Robertson (May 04)
- Re: "Who else picked this one up?" Joseph S D Yao (May 05)
- Re: "Who else picked this one up?" Paul D. Robertson (May 03)