Security Incidents mailing list archives

Re: Code Red, anyone?


From: "Johannes B. Ullrich" <jullrich () euclidian com>
Date: Wed, 1 Aug 2001 19:25:24 -0400 (EDT)



I saw that Johannes but I am unclear as to how they are getting their
math. The main contributor as far as I know is your site - last I checked
you are watching ports denied as opposed to actual IDS events. Is there
some hand correlation here?


dShield.org not only analyzes 'plain firewall' logs, but set up a special
track for code red logs. You are invited to send regular web logs to
'codered () dshield org'. Apache makes a great IDS for code red.

Also, the large number of sensors present within dshield allows us to
correlate quickly and pinpoint scans even if they only target a limited
subnet at first.


-- 
-------
jullrich () sans org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

