[65144] in North American Network Operators' Group
Re: The Internet's Immune System
daemon@ATHENA.MIT.EDU (Daniel Medina)
Thu Nov 13 09:46:35 2003
Date: Thu, 13 Nov 2003 09:40:18 -0500
From: Daniel Medina <medina@columbia.edu>
To: nanog@merit.edu
In-Reply-To: <sfb28354.079@imail.mbs.gov.on.ca>
Errors-To: owner-nanog-outgoing@merit.edu
myNetWatchman has a work-in-progress search-by-AS:
http://www.mynetwatchman.com/ListIncidentbyASSummary.asp?AS=YOUR_AS_HERE
On Wed, Nov 12, 2003 at 06:56:50PM -0500, Jamie Reid wrote:
>
> It would be useful if these sites allowed you to query them with CIDR ranges to
> see if your site had originated any traffic that triggered their sensor arrays. The
> IDS community never seems to have wrapped its collective head around routing
> information. Looking up single IP addrs is just cosmetic. A real service would
> allow for concerned sites to check their entire address allocations.
>
> The solution we have takes a massive amount of data munging of a routing
> table and is still experimental, but until attacks can be mapped to meaningful Internet
> topographical information, the real value of these distributed IDS efforts cannot be fully
> exploited.
>
> I can foresee the argument that people shouldn't be able to look up other sites
> which might be compromised, but if they are really so concerned, they should
> get their sites patched.
> --
> Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
> Senior Security Specialist, Information Protection Centre
> Corporate Security, MBS
> 416 327 2324
> >>> "Bryan Bradsby" <Bryan.Bradsby@capnet.state.tx.us> 11/12/03 04:25pm >>>
>
> > Devise a system that assumes owners of IP space WANT to know about problems.
> > report --open-proxy 192.168.1.1 <logfiles
> > and have a report sent to whoever needed to know about it.
>
> http://www.Incidents.org
> http://www.Dshield.org/howto.php
> http://www.MyNetWatchman.com
--
Dan
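
The lookup discussed in this thread, mapping sensor-reported source addresses onto routing information so a site can check its whole allocation or origin AS, as an added example that is not part of the original messages or of any of the services named. The routing-table extract, AS numbers, incident list and function names are all constructed for illustration (documentation prefixes and private-use ASNs).

```python
import ipaddress
from collections import Counter

# Constructed routing-table extract: (prefix, origin AS). Not real allocations.
ROUTES = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("198.51.100.128/25", 64502),  # more-specific announced by another AS
    ("2001:db8::/32", 64500),
]

# Constructed sensor reports: (source IP, signature label).
INCIDENTS = [
    ("192.0.2.17", "open-proxy"),
    ("198.51.100.5", "port-scan"),
    ("198.51.100.200", "port-scan"),
    ("198.51.100.201", "open-proxy"),
    ("2001:db8:1::9", "port-scan"),
    ("203.0.113.9", "port-scan"),  # covered by no route above
]

def build_table(routes):
    """Parse prefixes and sort most-specific first, so the first hit
    during a scan is the longest-prefix match."""
    table = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)

def origin_of(ip, table):
    """Return (prefix, asn) for the longest matching prefix, or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn in table:
        # Membership is False when the IP versions differ.
        if addr in net:
            return net, asn
    return None

def incidents_by_as(incidents, table):
    """Count reported incidents per origin AS (None = unrouted here)."""
    counts = Counter()
    for ip, _sig in incidents:
        hit = origin_of(ip, table)
        counts[hit[1] if hit else None] += 1
    return dict(counts)

def incidents_in_cidr(incidents, cidr):
    """Return every report whose source falls inside one allocation."""
    block = ipaddress.ip_network(cidr)
    return [(ip, sig) for ip, sig in incidents
            if ipaddress.ip_address(ip) in block]
```

A linear scan is enough for a small extract; a full routing table would call for a radix trie keyed on the prefix bits.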