Re: [TSG] Re: [logs] intrusion detection and log analysis [was: bookadvice]

From: Mikael Olsson (mikael.olsson@private)
Date: Fri Nov 07 2003 - 19:55:30 PST


    [Still crossposting wildly. Blame tbird :)]
    
    Crispin Cowan wrote:
    > 
    > [how to stop DDoS:]
    >     * traceback: follow the packets back to the source, discover the
    >       zombies, and have them shut down.
    >       [...]
    
    Note of interest here: the IETF itrace WG was recently shut down
    due to lack of interest from relevant parties.
    
    The itrace draft will be cleaned up and published as an experimental
    RFC, but that's it for this round.
    
    
    -- 
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


