> > I saw that Johannes but I am unclear as to how they are getting their > math. The main contributor as far as I know is your site - last I checked > you are watching ports denied as opposed to actual IDS event. Is there > some hand correlation here? > dShield.org not only analyzes 'plain firewall' logs, but setup a special track for code red logs. You are invited to se regular web logs to 'coderedat_private'. Apache makes a great IDS for code red. Also, the large number of sensors present within dshield allows us to correlate quickly and pinpoint scans even if they only target a limited subnet at first. -- ------- jullrichat_private Join http://www.DShield.org Distributed Intrusion Detection System ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 18:24:56 PDT