SANS ISC: New version of cvtwin, now with HTTP upload - Internet Security | DShield SANS ISC InfoSec Forums


New version of cvtwin, now with HTTP upload
First of all: if you are currently submitting data to DShield, and everything works right: Don't touch it ;-)

Historically, data was submitted to DShield via e-mail. I chose this method way back (Nov. 2000) as it provided easy load balancing and queuing in case the main database server was under heavy load. Initially, we only had a Linux client, and of course it's trivial to send e-mail from almost any Linux host. The first client was actually a 1-line shell script.

I think e-mail is still a good idea, but we are having more and more issues getting e-mail to us. In particular our Windows client, cvtwin, uses an external simple command line client which isn't always that easy to configure as ISPs block port 25 and require users to log in to mail servers.

So earlier today, Wayne, our "cvtwin guy", added a new function: It will now submit data via HTTP as well as SMTP. I think in particular in Windows scenarios this makes a lot of sense. Most of our Windows users are home users. They run some kind of logging software on a workstation and submit logs collected by this software. These systems are used for web browsing and usually have unobstructed access to port 80.

So if you have issues running CVTWIN because you are not able to send mail, give the new version a try. And again: If it works, don't touch it ;-)

More details about CVTWIN: Windows Clients
Changelog (use for now for documentation of the HTTP feature)

This is an experimental release at this point. Please report issues to info@dshield.org.

I will be teaching next: Intrusion Detection In-Depth - SANS London July 2019

Johannes

ISC Handler