Security Incidents: Re: Code Red, anyone?

From: Johannes B. Ullrich <jullrich_at_euclidian.com>
Date: Wed, 1 Aug 2001 19:25:24 -0400 (EDT)

>
> I saw that Johannes but I am unclear as to how they are getting their
> math. The main contributor as far as I know is your site - last I checked
> you are watching ports denied as opposed to actual IDS event. Is there
> some hand correlation here?
>

dShield.org not only analyzes 'plain firewall' logs, but has also set up a
special track for code red logs. You are invited to send regular web logs to
'codered_at_dshield.org'. Apache makes a great IDS for code red.

Also, the large number of sensors present within dshield allows us to
correlate quickly and pinpoint scans even if they only target a limited
subnet at first.

-- 
-------
jullrich@sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Aug 02 2001
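
The message above notes that ordinary Apache web logs work as a Code Red sensor. The following is an added example, not part of the original message or of DShield's tooling, that pulls Code Red probes out of an Apache access log and counts them per source. It assumes the widely documented probe shape (a `GET /default.ida?` request padded with a long run of one character); the `MIN_PAD` threshold, function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
# Assumed signature: /default.ida? followed by a long run of one padding character.
# MIN_PAD is an assumed threshold so short, legitimate queries are not flagged.
MIN_PAD = 100
PROBE_RE = re.compile(r'^GET /default\.ida\?(.)\1{%d,}' % (MIN_PAD - 1), re.IGNORECASE)

def parse_line(line):
    """Return (source, timestamp, request, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("src"), m.group("ts"), m.group("req"), int(m.group("status"))

def find_probes(lines):
    """Yield (source, timestamp, status) for each request matching the probe pattern."""
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, ts, req, status = parsed
        if PROBE_RE.match(req):
            yield src, ts, status

def summarize(lines):
    """Count probes per source address, most active source first."""
    return Counter(src for src, _, _ in find_probes(lines)).most_common()

# Constructed sample log: documentation addresses, padding only, no worm payload.
PAD = "N" * 224
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2001:19:02:11 -0400] "GET /default.ida?%s HTTP/1.0" 404 205' % PAD,
    '198.51.100.7 - - [01/Aug/2001:19:02:40 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.55 - - [01/Aug/2001:19:03:02 -0400] "GET /default.ida?%s HTTP/1.0" 404 205' % PAD,
    '192.0.2.10 - - [01/Aug/2001:19:05:47 -0400] "GET /default.ida?%s HTTP/1.0" 404 205' % PAD,
    '198.51.100.7 - - [01/Aug/2001:19:06:13 -0400] "GET /default.ida?id=5 HTTP/1.0" 404 205',
    'truncated or corrupt line',
]

if __name__ == "__main__":
    for src, count in summarize(SAMPLE_LOG):
        print(f"{src}\t{count} probe(s)")
```
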