
Tighten Security with DShield

By Blane Warrene

A fantastic resource was passed along to me called DShield – which bills itself as a distributed intrusion detection system.

In practice, it is a powerful live reporting resource on the most attacked ports, the types of attacks and who the attackers are. As the folks at DShield put it: “DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.”

I recently wrote about building a firewall using iptables, and with a source such as this, you can tailor packet filtering rules to block new ports and tighten the net around your servers.

The site’s home page provides a global map showing patterns of attack types, as well as a “stock” ticker of ports that breaks down attack types by port and lists the applications that commonly use each port.

DShield also offers an “are you cracked” search function: search the group’s database by IP address to see if a machine you use or manage has been cracked.

Finally, firewall administrators can upload their logs and contribute to the coverage data DShield offers. Admins can always contact the site to discuss whether logs should be edited before submission or how the data would be used.
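One way to act on port-level data like this locally, as an added example (not code from this article or from DShield): the script summarizes iptables LOG lines by destination port, proposes DROP rules for probed ports the host does not serve, and masks the destination address as one possible edit before a log is shared. The abbreviated sample log lines, the `SERVED` set and the placeholder address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, abbreviated iptables LOG-target lines (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=23 SYN
Jan 10 03:12:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40113 DPT=23 SYN
Jan 10 03:13:15 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51200 DPT=23 SYN
Jan 10 03:14:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51311 DPT=445 SYN
Jan 10 03:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=78 PROTO=UDP SPT=137 DPT=137
Jan 10 03:15:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33010 DPT=80 SYN
Jan 10 03:16:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
# Assumption: the services this host is actually meant to expose.
SERVED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

def summarize(log_text):
    """Map (proto, dport) -> set of source IPs seen probing that port."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue  # ICMP and malformed lines carry no destination port
        hits[(f["PROTO"].lower(), int(f["DPT"]))].add(f["SRC"])
    return hits

def drop_rules(hits, served=SERVED, min_sources=1):
    """iptables commands for probed, unserved ports, most distinct sources first."""
    ranked = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"iptables -A INPUT -p {proto} --dport {port} -j DROP"
            for (proto, port), srcs in ranked
            if (proto, port) not in served and len(srcs) >= min_sources]

def redact_dst(log_text, placeholder="10.0.0.1"):
    """Replace the protected host's address before the log leaves the site."""
    return re.sub(r"\bDST=\S+", f"DST={placeholder}", log_text)

if __name__ == "__main__":
    print("\n".join(drop_rules(summarize(SAMPLE_LOG))))
```

Rules appended with `-A` only take effect if no earlier rule already accepts the traffic, and under a default-deny INPUT policy they are redundant; in that case the summary is still useful for seeing what the policy is absorbing.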

DShield’s creators suggest they are exploring how to expand beyond packet filtering to also cover more sophisticated application-level firewalls in the future.
