Federal NOC To Be Modeled After Incidents.org / DS

An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that unlike some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay ' Deep Sight service, which publishes alerts only to paying members, Incidents.org is a free service."

follow-up on CodeRed/Nimda

[valmont]

A few months ago i posted a follow-up in my /. journal on code red and nimda queries sent to my apache server thru my residential dsl connection. I gathered a list of *all* unique queries i've received so far.

I also came-up with a few shell scripts used as CGI to make HTTP requests back to offending hosts, exploiting the very vulnerabilities they're probing me for to, place "WARNING YOU ARE INFECTED" text messages at strategic locations on their hard drives. drop a note on my journal comments if u need more info on that.

Now, if only we could report Klez....

[wowbagger]

I just want a way to stop the damn Klez worms I keep getting emailed from pixie.udw.ac.za (a university in South Africa). I've mailed their admin repeatedly, mailed their faculty, even mailed their upstream. The closest thing to a response I've gotten was a response from one of the faculty saying "Yeah, we are getting hammered by that too."

What we need is a good way to force admins to actually ADMINISTER the systems they are responsible for, and should they refuse, to get the upstream to null-route the machine until it is fixed.

Re:Duplicating private sector

[tubabeat]

It would, any fool could see that. So... given that governments usually have a high concentration of fools... we could reasonably assume they already worked that out. Which can only mean that they want to control it. Now why might a government want to supress computer security alerts...?