
SANS ISC: CVTWIN - Configuring


CVTWIN opening screen

User ID and Email are for the registration information you received after you signed up to DShield.

SMTP server You must enter your SMTP server. If you don't know it, look at the configuration settings for the email program you normally use:

  • Outlook Express Tools -> Accounts -> Mail -> Properties -> Servers.
    Look for the "Outgoing Mail (SMTP)" field.
  • Outlook 2000 Tools -> Options -> Mail Delivery -> Accounts -> Mail -> Properties -> Servers.
    Look for the "Outgoing Mail (SMTP)" field.

Look at your email program to find out which SMTP server it is configured to use. Then put this value in the SMTP Server Name field in CVTWIN's configuration dialog box. Do not make any changes in your email program's configuration.

If you can't find your SMTP server, or it doesn't work for you for some reason, you can enter as the SMTP server in CVTWIN. But you can only send to DShield if you do this. You can't send a copy to yourself.

If this won't work because your ISP is blocking port 25, we set up an alternate mail server as that works on (non-standard) port 81. To use this, set SMTP Server Name as (New with CVTWIN version 1.2.18--will not work with older versions.)

Do not set the SMTP server to point to a web mail service. "" is not a valid SMTP server.

If your email server needs user authentication, see the passing additional parameters to SNDMAIL page.

Also send a copy to yourself Enable this if you want CVTWIN to send you a copy of the log it sends to DShield. It probably is a good idea to enable this the first few times you use CVTWIN, just so you can verify that the log that is sent to DShield is what you expect it to be.

Obfuscate Your IP Enable this if you want your own IP (target IP) to be obscured in the log that is sent to DShield. If enabled, CVTWIN will change the first byte of the IP address to "10". For example, if your IP address is "" then CVTWIN will obfuscate it by changing it to "" before submitting to DShield.

If you do enable obfuscation, then DShield will not send "Fightback" abuse reports on your behalf, because ISPs need accurate records of any attack attempt and obfuscated IPs aren't suitable. But your records will "count" towards the total that is needed to trigger sending a Fightback abuse report, assuming that at least one user hasn't obfuscated his IP. We would then send a Fightback message on his behalf.

Firewall Select the firewall that you are using, if it hasn't been already automatically detected.
More information on configuring specific firewalls to work with CVTWIN.

Logfile Enter the location and filename of your firewall log. Use the "browse" button to Explore to find your log.

Last Saved Date/Time Is used to store the timestamp of the last line in your firewall log that was processed after it was sent into DShield. The next time you run CVTWIN, it compares all log lines against this timestamp and doesn't process lines earlier than this, on the assumption that they have already been sent in. This was left user editable, because sometimes email operations don't work, and you might want to manually edit this date. Otherwise, ignore it and CVTWIN will update it each time it sends a log into DShield.
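The following Python sketch is an added example, not CVTWIN's own code. It shows how the "Obfuscate Your IP" and "Last Saved Date/Time" settings described above act together on a batch of log records. The record layout, the timestamp format, the function names and the choice to treat a record whose timestamp equals the saved value as already sent are all assumptions made for the illustration.

```python
import ipaddress
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed layout, not CVTWIN's stored format

# Constructed sample records: (timestamp, source IP, target IP, target port).
# Addresses come from the documentation ranges; this is not a real log.
SAMPLE_LOG = [
    ("2003-05-01 10:15:02", "198.51.100.7", "203.0.113.25", 445),
    ("2003-05-01 10:20:40", "198.51.100.9", "203.0.113.25", 135),
    ("2003-05-01 10:31:11", "192.0.2.44", "203.0.113.25", 1434),
]


def obfuscate_target(ip):
    """Replace the first byte of an IPv4 address with 10, keep the other three."""
    packed = ipaddress.IPv4Address(ip).packed  # raises ValueError on bad input
    return str(ipaddress.IPv4Address(bytes([10]) + packed[1:]))


def prepare_submission(records, last_saved, obfuscate):
    """Return (records to send, new last-saved timestamp).

    Records at or before last_saved are skipped as already submitted
    (the "at" case is this example's assumption). Only the target IP is
    rewritten; the source IP must stay accurate for the report to be useful.
    """
    cutoff = datetime.strptime(last_saved, TS_FORMAT)
    newest = cutoff
    to_send = []
    for ts, src, dst, port in records:
        when = datetime.strptime(ts, TS_FORMAT)
        if when <= cutoff:
            continue
        if obfuscate:
            dst = obfuscate_target(dst)
        to_send.append((ts, src, dst, port))
        newest = max(newest, when)
    # If nothing was new, the saved timestamp is returned unchanged.
    return to_send, newest.strftime(TS_FORMAT)


if __name__ == "__main__":
    batch, saved = prepare_submission(SAMPLE_LOG, "2003-05-01 10:15:02", True)
    for record in batch:
        print(record)
    print("new last saved:", saved)
```

If a send fails, keeping the old timestamp (or editing it back by hand) makes the same records eligible again on the next run, which is why the field is left editable.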

Log into DShield Will use your default browser to log into DShield. From here you can

  • Update information in your User Profile
  • Display the logs that you have submitted to DShield.
  • Display summaries of any Fightback abuse reports that have been sent on your behalf.

Click on OK to save your configuration, Cancel to exit without saving any changes, Help to display this page.

Return to the CVTWIN Documentation page.