[SpamCop-List] Re: reporting probes to my system

[Mike Easter]

Robert Blair wrote:
> "Mike Easter"
>> http://www.dshield.org/  DShield provides a platform for users of
>> firewalls to share intrusion information. DShield is a free and open
>> service.
>
> Not a reporting service, it is a blocklist.

I wouldn't say 'it is a blocklist' but the sharing of information can be
used in several ways, including that blocklist which is described at
http://www.dshield.org/block_list_info.php  - but DShield doesn't perform
the same way as MNW.  DShield accumulates logs from many and thus
facilitates sharing information but it doesn't report to providers like
MNW does.

Reports and Database Summaries
 Top 10 Most Wanted  Top 10 offenders according to the DShield database.
Top 10 Ports  Top 10 most probed ports.
Port Report  Provides a thirty day history of a user selected port.
IP Info  Provides information about an IP address.
Subnet Report  Get a summary of recent activity from a Subnet
Block List  List of IP address ranges that you might want to block.

>> http://www.mynetwatchman.com/  myNetWatchman collects, analyzes and
>> reports malicious access attempts to ISPs, who can then take action
>> against the offending machines.
>
> I am not using a supported OS or firewall (I expected this) which is
> why my original questions so I can send my own LARTS.

User-Agent: ProNews/2 V1.53.cp050

As well as I can tell, that must be OS2, which would make those available
clients for Win or /n/x not helpful.  And if there's no hardware firewall
to use as a source of logs that's another problem.  Does that mean that
you have no software intrusion management system and no hardware firewall
either?    Hmmm.  Where are your logs coming from?

DShield 'encourages' deveoping your own client at
http://www.dshield.org/specs.php

MNW encourages those with 'alternate' OSes besides Win & /n/x to use
their WebAgent submission
http://www.mynetwatchman.com/setup-install-web.asp


-- 
Mike Easter
kibitzer, not SC admin