As far as reporting is concerned, we do have a number of ways you can query our DShield data. First of all, by prefix (right now only /8, /16, /24). But we do send out daily custom reports per request. Just send me an e-mail. There is also a test version of a report by ASN: http://www.dshield.org/asreport.php its experimental and feedback is welcome. It is setup to be machine parsable. On Wed, 2003-11-12 at 18:56, Jamie Reid wrote:
It would be useful if these sites allowed you to query them with CIDR ranges to see if your site had originated any traffic that triggered their sensor arrays. The IDS community never seems to have wrapped its collective head around routing information. Looking up single IP addrs is just cosmetic. A real service would allow for concerned sites to check their entire address allocations.
The solution we have takes a massive amount of data munging of a routing table and is still experimental, but until attacks can be mapped to meaningful Internet topographical information, the real value of these distributed IDS efforts cannot be fully exploited.
I can forsee the argument that people shouldn't be able to look up other sites which might be compromised, but if they are really so concerned, they should get their sites patched.
-- Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca Senior Security Specialist, Information Protection Centre Corporate Security, MBS 416 327 2324
"Bryan Bradsby" <Bryan.Bradsby@capnet.state.tx.us> 11/12/03 04:25pm >>>
Devise a system that assumes owners of IP space WANT to know about problems. report --open-proxy 192.168.1.1 <logfiles and have a report sent to whoever needed to know about it.
http://www.Incidents.org http://www.Dshield.org/howto.php http://www.MyNetWatchman.com
-bryan bradsby --
Johannes Ullrich jullrich@euclidian.com pgp key: http://johannes.homepc.org/PGPKEYS -------------------------------------------------------------- "We regret to inform you that we do not enable any of the security functions within the routers that we install." support@covad.net --------------------------------------------------------------