Observations start on individual machines (if possible on all machines).

If a subnet is under some common administration, it is useful to collect all observations on one or more servers to distinguish attacks on individual machines from scans over the network.

Incidents are collected by some regional centers (CERTs, for example), and by global institutions like the Internet Storm Center.
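
The distinction drawn above between a scan over the network and an attack on one machine, as an added example (not part of the original slides): a collector-side script that groups the observations reported by all machines by source address. The log format, host names and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines as a central collector might receive them from
# the machines of one subnet (format and host names are hypothetical).
SAMPLE_LOG = """\
2002-04-07T10:00:01 host=web1 src=192.0.2.10 dport=22
2002-04-07T10:00:02 host=web2 src=192.0.2.10 dport=22
2002-04-07T10:00:03 host=mail1 src=192.0.2.10 dport=22
2002-04-07T10:00:04 host=db1 src=192.0.2.10 dport=22
2002-04-07T10:05:10 host=mail1 src=198.51.100.7 dport=25
2002-04-07T10:05:12 host=mail1 src=198.51.100.7 dport=110
2002-04-07T10:05:15 host=mail1 src=198.51.100.7 dport=143
this line is malformed and must be skipped
2002-04-07T10:09:00 host=web1 src=203.0.113.5 dport=80
"""

LINE_RE = re.compile(r"^(\S+) host=(\S+) src=(\S+) dport=(\d+)$")

def parse(log_text):
    """Yield (host, src, dport) per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4))

def classify(observations, scan_hosts=3, min_events=3):
    """Label each source by how its events spread over the reporting machines."""
    hosts = defaultdict(set)    # source -> machines that reported it
    events = defaultdict(int)   # source -> total number of observations
    for host, src, _dport in observations:
        hosts[src].add(host)
        events[src] += 1
    verdict = {}
    for src in hosts:
        if len(hosts[src]) >= scan_hosts:
            # Seen by many machines: only visible once observations are pooled.
            verdict[src] = "network scan"
        elif events[src] >= min_events:
            verdict[src] = "attack on " + ", ".join(sorted(hosts[src]))
        else:
            verdict[src] = "isolated event"
    return verdict

if __name__ == "__main__":
    for src, label in sorted(classify(parse(SAMPLE_LOG)).items()):
        print(src, "->", label)
```

Seen from `mail1` alone, the first source is a single connection attempt; only the pooled view shows it touching four machines.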
Copyright © 2001, 2002 Andreas Borchert, converted to HTML on April 07, 2002