DShieldUP
DShieldUp is a FREE utility to upload log information to DShield.org:

DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be catalogued and summarized. It can be used to discover trends in activity and prepare better firewall rules.

DShield.org also has what they call their Fightback feature:

DShield.org is now helping users to fight back against attackers. We will analyze submitted log reports and pick a number of strong cases to forward them to the ISP from which the attack originated. A copy of the abuse report will be forwarded to the user.

You have to sign up for 'Fightback'. We will not forward any of your log submissions unless you agree to by using the fightback option.

The user that submitted the log report will be copied on all correspondence. The ISP will receive all relevant log excerpts and we will include the e-mail address registered with DShield.org, in order to allow the ISP to contact the victim directly.

We hope other reporting organizations will be interested in the data captured by Link Logger users all around the world. We are willing to send the source code (written in Delphi 5) for DShieldUp to anyone wishing to improve it or modify it for other log collection or reporting services. We do ask, however, that all changes or new versions be sent back to us so that other Link Logger users can benefit.

DShieldUp for Link Logger

 

How To Use DShieldUp

DShieldUp works on Windows 98, 98SE, ME, NT, Windows 2000, XP, and 2003. While it is not an officially supported product, if you have comments or suggestions, or find bugs, please send an email to DShieldUp@LinkLogger.com.

When trying DShieldUp for the first couple of times, enter your own email address in the 'Send to' field so you can see what DShieldUp is sending to DShield.org. We also recommend that you turn off descriptions in the drag and drop (user configuration), as this speeds up drag and drop hugely.

In Link Logger, build a search list of events that you would like to send, then drag and drop them onto DShieldUp. You can uncheck items in DShieldUp that you don't want to send. Scrub removes any unchecked items, but the send process also checks that an event is checked before sending it, so Scrub is simply a convenient way to get unchecked items off your display if you're working through a long list. Note that the columns are sortable.

About the only thing you need to set up for DShieldUp is the SMTP email host from your ISP (check your email settings for the SMTP address). You can put DShieldUp.exe anywhere, but we suggest putting it in the Link Logger directory and adding a link to wherever you like. The Author ID is the one you receive from DShield.org when you register. Anonymous users can enter 0 for their Author ID.

DShieldUp has a couple of handy features. First, if you don't want to send NetBIOS name lookups, you can enable the 'NETBIOS Nameservice' filter so that those events are filtered out on the drop. Also, DShieldUp remembers the date and time of the last event sent and will warn you if, in later sessions, you add events which occurred before that event.
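
The checks described above (the drop-time NetBIOS filter, the warning for events older than the last one sent, and the re-check of the checkbox at send time) can be sketched as follows. This is an added example, not DShieldUp's Delphi source: the `Event` fields, function names and sample events are hypothetical, and it assumes that old events are warned about but still kept and that an event with no logged protocol on port 137 counts as a name lookup.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

NETBIOS_NS_PORT = 137  # NetBIOS Name Service uses UDP port 137


@dataclass
class Event:
    when: datetime
    src_ip: str
    dst_port: int
    protocol: Optional[str] = None  # None: the router does not log protocol
    checked: bool = True            # hypothetical stand-in for the row checkbox


def drop_events(events: List[Event], last_sent: Optional[datetime],
                filter_netbios: bool = True) -> Tuple[List[Event], List[str]]:
    """Apply the drop-time filter and collect warnings for old events."""
    kept, warnings = [], []
    for ev in events:
        is_nbns = ev.dst_port == NETBIOS_NS_PORT and ev.protocol in (None, "UDP")
        if filter_netbios and is_nbns:
            continue  # filtered out on the drop, never shown in the list
        if last_sent is not None and ev.when < last_sent:
            warnings.append(f"{ev.when.isoformat()} {ev.src_ip} predates last sent event")
        kept.append(ev)  # assumption: warned events stay in the list
    return kept, warnings


def send_batch(kept: List[Event], last_sent: Optional[datetime]
               ) -> Tuple[List[Event], Optional[datetime]]:
    """Re-check the checkbox at send time and advance the last-sent marker."""
    outgoing = sorted((ev for ev in kept if ev.checked), key=lambda e: e.when)
    if outgoing:
        newest = outgoing[-1].when
        last_sent = newest if last_sent is None else max(last_sent, newest)
    return outgoing, last_sent


# Constructed sample events (documentation address ranges, not real traffic).
SAMPLE = [
    Event(datetime(2004, 3, 1, 9, 15), "192.0.2.10", 135, "TCP"),
    Event(datetime(2004, 3, 1, 9, 20), "198.51.100.7", 137, "UDP"),
    Event(datetime(2004, 3, 1, 8, 0), "203.0.113.5", 445, "TCP"),
    Event(datetime(2004, 3, 1, 9, 30), "192.0.2.44", 1434, None, checked=False),
]
LAST_SENT = datetime(2004, 3, 1, 9, 0)
```
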


A sample of how one person uses DShieldUp.  

I have my display filters set to green inbound, and blue outbound. This means that I see all inbound traffic, and all alerts, so I sort the traffic list by alerts in a descending order. Since Outbound alerts are a 'higher' alert they appear at the top of the list (if there are any), and inbound alerts appear next and non-alert inbound traffic at the bottom of the list. Typically I review Link Logger a couple of times a day (or not), but when I do, I review the inbound alerts and highlight them (click on the first event to highlight it, and then shift-click on the last event, which highlights the whole range, and then unselecting alerts that I know to be false positives by Ctrl-clicking on them), and then drag and drop them onto DShieldUp, and send them. After sending the alerts, I clear the traffic list in Link Logger and repeat the process again next time I check Link Logger. Since I have Fightback enabled at DShield.org the idea is hopefully a notification email is sent out to respective ISPs concerning the probes and scans such that these systems can be cleaned up.


Since each router has slightly different logging capabilities there are three versions of DShieldUp.  Please select the version for your router.

While we have extensively beta tested DShieldUp, we must include the following disclaimer. NOTE: DShieldUp is provided 'as is' without any official support or warranty. If you do find any problems or have some suggestions, please let us know at DShieldUp@LinkLogger.com.

 

DShieldUp for All Linksys Link Logger Versions except the BEFSX41

 

DShieldUp for All other Link Logger Versions (Linksys BEFSX41, All Netgear and ZyXEL Versions)

NOTE: the difference between the two versions is the inclusion of Protocol in the information sent to DShield, as typically all Linksys routers/firewalls except the BEFSX41 do not log protocol information. All other routers/firewalls supported by Link Logger log protocol information.

 

If you encounter any problems, please email Link Logger support at support@LinkLogger.com.