[46535] in North American Network Operators' Group


Re: How to get better security people

daemon@ATHENA.MIT.EDU (Avleen Vig)
Wed Apr 3 12:22:39 2002

Date: Wed, 3 Apr 2002 18:22:01 +0100 (BST)
From: Avleen Vig <lists-nanog@silverwraith.com>
To: batz <batsy@vapour.net>
Cc: Sean Donelan <sean@donelan.com>,
	"Christopher E. Brown" <cbrown@woods.net>, NANOG <nanog@merit.edu>
In-Reply-To: <Pine.BSF.4.21.0204031015160.401-100000@vapour.net>
Message-ID: <20020403181906.N17312-100000@apple.silverwraith.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 3 Apr 2002, batz wrote:

> Personally, I would like to see a mixture of the MAPS RBL and
> aris.securityfocus.com available, where emerging hostile netblocks
> can be blackholed for short periods of time using attack information
> gathered from and corroborated by a vast array of diverse sources.

Have a look at SAFE (url in sig).
We detect smurf amplifiers and I'm currently looking at ways to export
data to companies regarding large smurf amplifiers (>x250 amplification)
who refuse to close after X number of warnings.

I expect it will run on a free, but subscribed + authenticated basis (i.e.,
a company subscribes and gives the IPs of their DNS servers and those
servers are authorized to do lookups, but script kiddies cannot).

-- 
Avleen Vig
Work Time: Unix Systems Administrator
Play Time: Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf

