The Internet's Immune System

Johannes Ullrich jullrich at
Thu Nov 13 00:37:30 UTC 2003

As far as reporting is concerned, we do have a number of ways you can
query our DShield data. First of all, by prefix (right now only /8, /16,
/24). But we do send out daily custom reports per request. Just send me
an e-mail.

There is also a test version of a report by ASN:
its experimental and feedback is welcome. It is setup to be machine

On Wed, 2003-11-12 at 18:56, Jamie Reid wrote:
> It would be useful if these sites allowed you to query them with CIDR ranges to 
> see if your site had originated any traffic that triggered their sensor arrays. The 
> IDS community never seems to have wrapped its collective head around routing 
> information. Looking up single IP addrs is just cosmetic. A real service would 
> allow for concerned sites to check their entire address allocations. 
> The solution we have takes a massive amount of data munging of a routing
> table and is still experimental, but until attacks can be mapped to meaningful Internet
> topographical information, the real value of these distributed IDS efforts cannot be fully 
> exploited.  
> I can forsee the argument that people shouldn't be able to look up other sites
> which might be compromised, but if they are really so concerned, they should 
> get their sites patched. 
> --
> Jamie.Reid, CISSP, jamie.reid at
> Senior Security Specialist, Information Protection Centre 
> Corporate Security, MBS  
> 416 327 2324 
> >>> "Bryan Bradsby" <Bryan.Bradsby at> 11/12/03 04:25pm >>>
> > Devise a system that assumes owners of IP space WANT to know about problems.
> > report --open-proxy <logfiles
> > and have a report sent to whoever needed to know about it.
> -bryan bradsby
Johannes Ullrich                     jullrich at
pgp key:
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at

More information about the NANOG mailing list