First of all: if you are currently submitting data to DShield, and everything works right: Don't touch it ;-)
Historically, data was submitted to DShield via e-mail. I chose this method way back (Nov. 2000) as it provided easy load balancing and queuing in case the main database server was under heavy load. Initially, we only had a Linux client, and of course it's trivial to send e-mail from almost any Linux host. The first client was actually a 1-line shell script.
I think e-mail is still a good idea, but we are having more and more issues getting e-mail to us. In particular, our Windows client, cvtwin, uses an external simple command-line client which isn't always that easy to configure, as ISPs block port 25 and require users to log in to mail servers.
So earlier today, Wayne, our "cvtwin guy", added a new function: it will now submit data via HTTP as well as SMTP. I think in particular in Windows scenarios this makes a lot of sense. Most of our Windows users are home users. They run some kind of logging software on a workstation and submit logs collected by this software. These systems are used for web browsing and usually have unobstructed access to port 80.
So if you have issues running CVTWIN because you are not able to send mail, give the new version a try. And again: If it works, don't touch it ;-)
More details about CVTWIN:
This is an experimental release at this point. Please report issues to firstname.lastname@example.org.
Nov 14th 2007