
Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project

Author: Victor Arnaud
Published: June 15, 2011, from SANS

This practical has two objectives: to guide users of BlackICE in reporting incidents to their ISPs (using the ClearICE Report Utility) and to show users the importance of submitting firewall logs to the dshield.org project. Since installing BlackICE on a single workstation does not require much work, I will assume that it is already installed and start from the incident itself, passing through the BlackICE alert, blocking the intruder to stop his activities, and working with ClearICE to create a useful report for the attacker's ISP to help them track the malicious user.

PDF: Read the complete paper at SANS