Slashdot Mirror


Day in the Life of the Internet Storm Center

An anonymous reader writes "Network World Fusion has an article about the Internet Storm Center's inner workings. The writer follows the ISC during the day of the MyDoom-O outbreak (the one that hit Google et al.). The article talks about running W2K in VMware on top of SuSe Linux, a practice very common in malware analysis to isolate yourself from the various ill effects of the malware. Other open source software receiving a mention in the article is everybody's favorite packet analyzer, Ethereal."

12 of 123 comments

  1. My Favourite Pony by B3ryllium · · Score: 4, Informative

    An invaluable tool for PCs that are "public access" or even boot-partitions of computers at work:

    DeepFreeze

    Just one reboot, and any malware infection is obliterated. (There are alternatives, too, but I like DeepFreeze the best)

    1. Re:My Favourite Pony by ciroknight · · Score: 5, Informative

We happened upon this product at the school where I used to work, and as far as I can tell from using it and poking around at the program, it keeps a log of all hard drive transactions, then when rebooted, it plays back the log backwards, restoring to the state in which the system was before; no Ghost partitioning required, but nonetheless not invulnerable to attack. We had kids bring in Knoppix CDs and obliterate hard drives for no other reason than they could.

My suggestion is to use Deep Freeze with Ghost (it's a complex setup, but if you "un-freeze" the system for one reboot, then Ghost, all you have to do is cast the image, change the computer's name (we had a pretty complex naming scheme), then reboot the machine and it's ready to go). It's a formidable combination, and far better than products like "Foolproof Security". Hope this helps.

      --
      "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
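The mechanism ciroknight describes (log every disk write while frozen, replay the log backwards at reboot) and the bypass he mentions (a live CD that never loads the filter driver) can both be shown with a small model. The block below is an added illustration written for this page, not Deep Freeze's own code; Deep Freeze is a closed-source kernel filter driver and its real on-disk format is not public. The sector size, the `UndoLogDisk` class and the `raw_write` method standing in for a live-CD write are assumptions of the model.

```python
"""Toy reboot-to-restore disk: an undo log replayed in reverse.

Added illustration, not Deep Freeze's code. Writes that go through the
"filter" (write) are undoable; writes that bypass it (raw_write, e.g. from a
Knoppix CD booted on the same box) are not, which is the weakness described.
"""
from typing import Dict, List, Tuple

SECTOR_SIZE = 4  # assumption: tiny sectors keep the demo readable


class UndoLogDisk:
    def __init__(self, sectors: int) -> None:
        self.sectors: Dict[int, bytes] = {
            i: b"\x00" * SECTOR_SIZE for i in range(sectors)
        }
        self.frozen = True
        # Pre-image log: (sector, contents before the write), in write order.
        self._undo: List[Tuple[int, bytes]] = []

    def write(self, sector: int, data: bytes) -> None:
        """A write from the running OS that the filter driver sees."""
        if len(data) != SECTOR_SIZE:
            raise ValueError("sector-sized writes only")
        if self.frozen:
            self._undo.append((sector, self.sectors[sector]))
        self.sectors[sector] = data

    def raw_write(self, sector: int, data: bytes) -> None:
        """A write that never passes through the filter (live CD, other OS):
        nothing is logged, so reboot() cannot take it back."""
        self.sectors[sector] = data

    def read(self, sector: int) -> bytes:
        return self.sectors[sector]

    def reboot(self) -> int:
        """Replay the undo log newest-first and return the entries undone.

        Reverse order matters: if a sector was written twice, the newest
        pre-image is the first malware value; only the oldest entry holds
        the original contents, so it must be applied last.
        """
        undone = 0
        while self._undo:
            sector, old = self._undo.pop()
            self.sectors[sector] = old
            undone += 1
        return undone

    def thaw(self) -> None:
        """"Un-freeze": writes persist across reboot (used to lay down an image)."""
        self.frozen = False

    def freeze(self) -> None:
        self.frozen = True


def demo() -> dict:
    """Constructed scenario: image the disk, get infected, reboot, get bypassed."""
    disk = UndoLogDisk(8)
    disk.thaw()                      # lay down the known-good image
    disk.write(0, b"BOOT")
    disk.write(1, b"DATA")
    disk.freeze()

    disk.write(0, b"EVIL")           # "malware" overwrites the boot sector twice
    disk.write(0, b"WORM")
    undone = disk.reboot()           # both writes rolled back, original restored
    after_reboot = disk.read(0)

    disk.raw_write(1, b"DEAD")       # live-CD write: filter not running, not logged
    disk.reboot()
    after_bypass = disk.read(1)      # damage survives the reboot

    return {
        "undone": undone,
        "after_reboot": after_reboot,
        "after_bypass": after_bypass,
    }


if __name__ == "__main__":
    print(demo())
```

The model makes the practitioner's point explicit: reboot-to-restore only protects against writes that pass through the running filter driver, so anything that boots around it (live CD, pulled drive, a second OS) needs a different control, which is why the combination with a Ghost image, or a BIOS boot-order lock, is the usual answer.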
  2. Correct link by Tyrdium · · Score: 5, Informative

    Ethereal's website is ethereal.com, not ethereal.org.

  3. Three links I just can't live without as an admin: by AcquaCow · · Score: 5, Informative

    SANS Internet Storm Center
    Provides current Internet port graph history and advisories

    CERT's Vulnerabilities page
    Provides current Internet virus history and news.

    Keynote Internet Health Report
    Provides a table of ping times between various Internet backbones and providers. Great for checking if it's your ISP, or the backbone they are attached to that's having a slow day.

    I advise everyone to check these out, as they provide a great wealth of information in a nice organized format.

    --

    up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
    *makes note to limit user processes...
  4. The Storm Center is excellent by Saint+Aardvark · · Score: 4, Informative
    One of the first things I check out every day is the Storm Center's diary. Between that, and Microsoft's security page, and SecurityFocus, and Infosecdaily.net, I've got more than enough paranoia (I hope...) to make it through BugTraq and Full Disclosure.

    What about the rest of you? What links do you check out, and what am I missing?

    1. Re:The Storm Center is excellent by presmike · · Score: 2, Informative

I use http://www.dailyrotation.com/ You can customize which sites it draws headlines from. Saves me tons of time by having everything all in one place.

      --
      presmike
  5. Re:SuSE and VMware by UnderAttack · · Score: 2, Informative

    Get the latest VMware build, and check the vmware community forums. But the latest build I downloaded installed without a hitch on Suse 9.1 running on an AMD64 system.

    --
    ---- join dshield.org Distributed Intrusion Detec
  6. ... and a nice Ethereal add-on... by m0rningstar · · Score: 5, Informative

... is Packetyzer, available from Network Chemistry http://www.networkchemistry.com/products/packetyzer/.

    Has some neat additional features, such as conversation tracking and I believe it has a few more decodes. Only for Windoze, however, thus encouraging the VMWare machines.

  7. Re:Similar Article by UnderAttack · · Score: 4, Informative

    don't click on the link unless you want your cube mates stare at you ;-)

    --
    ---- join dshield.org Distributed Intrusion Detec
  8. Re:Three links I just can't live without as an adm by Ice_Balrog · · Score: 2, Informative

    For Linux users, I highly recommend Linux Security to keep up on current advisories.

    --
    #include "sig.h"
  9. Re:Hahahhaha by pbemfun · · Score: 2, Informative

Obviously you didn't pay much attention in the class or attended a really bad one. I've attended a few SANS courses, and while they are expensive, they are worth every penny IMO. Every instructor I've had has gone beyond what's on the PPT presentations.

  10. Re:Another good product is.... by Anonymous Coward · · Score: 1, Informative

I am sorry, but you have been misinformed. Virtual PC is every bit as much a full virtualization as VMware. VMware and some Linux types seem to try to perpetuate this incorrect meme.

As for performance, although Virtual PC may have marginally better performance on Windows OSes than VMware, under Linux OSes, the reverse is often true. The products are truly very similar on the desktop. VPC has slightly better general compatibility, and VMware has an edge in USB and network configurability, either of which may affect your specific choice.

    VMware can host on Linux. VPC cannot. (Although VPC images may also be run under OS/2 and Mac OS, these alternatives do not seem to be attractive to the vast majority of the target virtual machine audience).

    Elsewise, from the vast majority of perspectives, these two are interchangeable.