nanog mailing list archives
Re: How to get better security people
From: batz <batsy () vapour net>
Date: Wed, 3 Apr 2002 14:31:28 -0500 (EST)
On Wed, 3 Apr 2002, Avleen Vig wrote: :Have a look at SAFE (url in sig). :We detect smurf amplifiers and I'm currently looking at ways to export :data to companies regarding large smurf amplifiers (>x250 amplification) :who refuse to close after X number of warnings. Yeah, that uses a bit more of the anti-spam model than a network protection model. Aris takes IDS logs from subscriber sites, normalizes them and generates stats (among other things). After the data is normalized, they show emerging trends and anomalies. An example of this would be if an attacker started scanning across the Internet for ssh servers, this could trigger IDS's at multiple sites, which would increase the profile of attackers ip addr. What I was suggesting is that this data be cleaned and a list of actively hostile hosts be distributed to subscribers for temporary blockage, either by port filter, or blackholed by prefix on a reasonably real-time basis. -- batz
Current thread:
- Re: How to get better security people Christopher E. Brown (Apr 02)
- Re: How to get better security people Sean Donelan (Apr 02)
- Re: How to get better security people Jake Khuon (Apr 02)
- Re: How to get better security people batz (Apr 03)
- RE: How to get better security people Benjamin P. Grubin (Apr 03)
- Re: How to get better security people Avleen Vig (Apr 03)
- Re: How to get better security people Richard A Steenbergen (Apr 03)
- Re: How to get better security people Avleen Vig (Apr 04)
- Re: How to get better security people batz (Apr 03)
- Re: How to get better security people Sean Donelan (Apr 02)
- <Possible follow-ups>
- RE: How to get better security people Zimmerman, David (Apr 03)