From: aleph1at_private
Date: Mon Oct 15 2001 - 12:42:44 PDT

  • Next message: aleph1at_private: "OpenSSH SRP patch 20011012 (Snapshot)" 1.8
      by Viraj Alankar (
      Sunday, October 14th 2001 18:28
    Categories: Internet :: Log Analysis, Security, System :: Networking ::
    About: is a small script that, when given syslogs generated by
    snort or other tools, can generate an incident report for events that
    appear to be attempted security attacks, gather information on the remote
    host, and report the attack to the appropriate administrators. 
    Changes: RWHOIS is now being used for ARIN as well as domain lookups, and
    new options have been added to process all IPs in the input at once. There
    is better handling of RWHOIS timeouts and errors, and more incorrect server
    responses are detected. Domains with MX records are given more credibility
    than others without MX records even if there is whois information for the
    non-MX domain. and have been added to the list
    of ignored domains, and other minor bugs have been fixed. 
    License: GNU General Public License (GPL)
    Elias Levy
    Si vis pacem, para bellum

    This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 12:47:17 PDT