Slashdot Mirror


Day in the Life of the Internet Storm Center

An anonymous reader writes "Network World Fusion has an article about the Internet Storm Center's inner workings. The writer follows the ISC during the day of the MyDoom-O outbreak (the one that hit Google et al.). The article talks about running W2K in VMware on top of SuSE Linux, a practice very common in malware analysis to isolate yourself from the various ill effects of the malware. Other open source software receiving a mention in the article is everybody's favorite packet analyzer, Ethereal."

4 of 123 comments

  1. Correct link by Tyrdium · Score: 5, Informative

    Ethereal's website is ethereal.com, not ethereal.org.

  2. Three links I just can't live without as an admin: by AcquaCow · Score: 5, Informative

    SANS Internet Storm Center
    Provides current Internet port graph history and advisories

    CERT's Vulnerabilities page
    Provides current Internet virus history and news.

    Keynote Internet Health Report
    Provides a table of ping times between various Internet backbones and providers. Great for checking whether it's your ISP, or the backbone they are attached to, that's having a slow day.

    I advise everyone to check these out, as they provide a great wealth of information in a nice organized format.

    --

    up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
    *makes note to limit user processes...

  3. Re:My Favourite Pony by ciroknight · Score: 5, Informative

    We happened upon this product at the school where I used to work, and as far as I can tell from using it and poking around at the program, it keeps a log of all hard drive transactions; then, when rebooted, it plays back the log backwards, restoring the system to the state it was in before. No Ghost partitioning required, but nonetheless not invulnerable to attack. We had kids bring in Knoppix CDs and obliterate hard drives for no other reason than they could.

    My suggestion is to use Deep Freeze with Ghost. (It's a complex setup, but if you "un-freeze" the system for one reboot and then Ghost, all you have to do is cast the image, change the computer's name (we had a pretty complex naming scheme), then reboot the machine and it's ready to go.) It's a formidable combination, and far better than products like "Foolproof Security". Hope this helps.

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W. Bush

  4. ... and a nice Ethereal add-on... by m0rningstar · Score: 5, Informative

    ... is Packetyzer, available from Network Chemistry: http://www.networkchemistry.com/products/packetyzer/.

    It has some neat additional features, such as conversation tracking, and I believe it has a few more decodes. Only for Windoze, however, thus encouraging the VMware machines.