Day in the Life of the Internet Storm Center
An anonymous reader writes "Network World Fusion has an article about the Internet Storm Center's inner workings. The writer follows the ISC during the day of the MyDoom-O outbreak (the one that hit Google et al.). The article talks about running W2K in VMware on top of SuSE Linux. A practice very common in malware analysis to isolate yourself from various ill effects of the malware. Other open source software receiving a mention in the article is everybody's favorite packet analyzer Ethereal."
Ethereal's website is ethereal.com, not ethereal.org.
A practice very common in malware analysis to isolate yourself from various ill effects of the malware
;-)
Best description of Windows I've heard in ages...
Tedious Bloggy Stuff - hooray?
Is running them in WINE. Especially since it's not a virtual machine, and the virus might detect WINE then trash your lunix ;)
Windows 98 has largely been ignored by the virus writers for the past two years... The worms this year that took down my school district's entire network of W2K machines didn't harm the Windows 98 machines at all!
From TFA:
He is the only full-time staffer among the 30 ISC handlers who span the globe and are on duty 24-7. The rest are volunteers who take turns watching over the Internet. Most have other jobs and aren't expected to be awake for their entire 24-hour shift.
Who the hell is this Ulrich guy? R2D2?
This is my sig. There are thousands more, but this one is mine.
Does anyone really remember the difference between MyDoom-O and MyDoom-N? Perhaps they should start using first names like real storm centers do for tropical storms/hurricanes. They could issue warnings about incoming class 5 virus MyBad-Kevin.
One line blog. I hear that they're called Twitters now.
SANS Internet Storm Center
Provides current Internet port graph history and advisories
CERT's Vulnerabilities page
Provides current Internet virus history and news.
Keynote Internet Health Report
Provides a table of ping times between various Internet backbones and providers. Great for checking if it's your ISP, or the backbone they are attached to that's having a slow day.
I advise everyone to check these out, as they provide a great wealth of information in a nice organized format.
up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
*makes note to limit user processes...
Nothing on that link tells you how the product works.
The closest I read was "Deep Freeze instantly protects and preserves original computer configurations" which reads to me that it's kind of like Ghost, except it keeps an image local on the HDD?
If so, I'd shy away from phrases like "Completely invulnerable to hacking".
XP's system restore feature gives you the same functionalities, if it's used properly (of course, it never is). I'm in the habit of making a save point before I do anything that could potentially bork my machine (testing some new driver tweak, etc), and have rolled back successfully on more than one occasion.
I don't need no instructions to know how to rock!!!!
Real admins plug the network cable directly into their brains
You misspelled brains. It's spelled 'ass'
We happened upon this product at the school where I used to work, and as far as I can tell from using it and poking around at the program, it keeps a log of all hard drive transactions, then when rebooted, it plays back the log backwards, restoring to the state in which the system was before; no Ghost partitioning required, but nonetheless not invulnerable to attack. We had kids bring in Knoppix CDs and obliterate hard drives for no other reason than they could.
My suggestion is to use Deep Freeze with Ghost (It's a complex setup, but if you "un-freeze" the system for one reboot, then Ghost, all you have to do is cast the image, change the computer's name (we had a pretty complex naming scheme), then reboot the machine and it's ready to go.) It's a formidable combination, and far better than products like "Foolproof Security". Hope this helps.
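A toy model of the reboot-to-restore mechanism the comment above describes (an undo log of block writes replayed backwards at reboot), written as an added example here rather than Deep Freeze's own code. The `Disk` and `FrozenDisk` classes and the sample block contents are constructed for illustration; the `raw_write` path stands in for a write made from another OS booted off a CD, which the filter never sees and therefore cannot undo.

```python
# Illustrative model of reboot-to-restore: writes that pass through the
# filter are journaled and undone at reboot; writes that bypass it persist.
# Added example, not Deep Freeze's implementation; names are constructed.
from dataclasses import dataclass, field


@dataclass
class Disk:
    """A toy block device: block number -> bytes."""
    blocks: dict = field(default_factory=dict)

    def read(self, n):
        return self.blocks.get(n, b"")

    def raw_write(self, n, data):
        """A write that bypasses the filter (e.g. another OS booted from CD)."""
        self.blocks[n] = data


class FrozenDisk:
    """Write filter: records each block's old contents before overwriting it."""

    def __init__(self, disk):
        self.disk = disk
        self.undo_log = []   # (block, previous contents), in write order

    def write(self, n, data):
        self.undo_log.append((n, self.disk.read(n)))
        self.disk.raw_write(n, data)

    def reboot(self):
        """Replay the log backwards so the most recent writes are undone first."""
        for n, old in reversed(self.undo_log):
            self.disk.raw_write(n, old)
        self.undo_log.clear()


def demo():
    disk = Disk({0: b"boot", 1: b"config", 2: b"doc"})
    frozen = FrozenDisk(disk)
    frozen.write(1, b"edited-by-malware")        # captured by the filter
    frozen.write(1, b"edited-by-malware-again")  # two writes, one block
    disk.raw_write(2, b"wiped")                  # offline write: never journaled
    frozen.reboot()
    # block 1 is restored; block 2 stays wiped because the filter never saw it
    return disk.read(1), disk.read(2)
```

The returned pair shows why the comment calls the product "not invulnerable": only writes that pass through the running filter are reversible.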
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
From the article:
"It's amazing how these virus writers get such small code," Ullrich says. "They should be working for some of the commercial code vendors."
Why not: s/should/could
And for the conspiracy-minded: s/working for/commanded by
Really twisted addon to the latter: s/code vendors/anti-virus vendors
Another episode in "preaching to the converted".
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
See, I have this co-worker who constantly fucks up his machines. He's supposed to be a programmer/analyst/tech support guy just like me (small company, you wear a lot of hats), but every time something comes up, I have to handle it because his computer is broken.
"I can't build a working EXE, my Visual Studio is screwed up!" "I can't dial into that customer, because my modem isn't working" "I can't VPN in because my computer crashes when I fire up the Cisco client".
He's incompetent, but I'm dubious he's this incompetent. I traded him the machine in my office when I got a new one, everything worked perfectly. A week later, his VPN and Visual Studio are broken. I really don't have the time to keep rebuilding his machine for him. Of course, he claims he doesn't know how to reinstall Office or VStudio, etc..
I think he does it so he won't have to do actual work. I end up doing everything because he always has an excuse. When he's on site, his laptop is broken, so he has to phone in all the code changes he wants, I have to do it, cut an EXE and email it out. Of course, it's double bonus for him. Anything he fucks up on site, he can just blame me for, since I'm actually doing the work remotely.
It's pissing me off, and it makes our company look like a bunch of morons. My archetypal PHB thinks he's just the cat's ass because he comes in "early" every morning (he shows up at 8:45 to drink coffee and read the paper, we open at 9. Sheesh).
Anyhow, this sounds like a decent product. I'm downloading the evaluation version now. I'll reinstall his machine one last time, ghost it, install this. Next time I hear "I can't dial in because my modem is screwed up", I'll reboot his box and it'll be fixed.
I don't need no instructions to know how to rock!!!!
... is Packetyzer, available from Network Chemistry http://www.networkchemistry.com/products/packetyzer/.
Has some neat additional features, such as conversation tracking and I believe it has a few more decodes. Only for Windoze, however, thus encouraging the VMWare machines.