SANS ISC: Mailbag grab - SANS Internet Storm Center SANS ISC InfoSec Forums

Mailbag grab

Security book online

Ryan sent us a link to an on-line book:

Security Engineering: A Guide to Building Dependable Distributed Systems
by Ross Anderson

But I guess you'll need to come back in a few days before you can get in and download it.
It is a good book, well worth reading, and I for one really like the attitude of the author.

RFC 1918

Jon sent us traffic to and from 10.x.y.z going over the Internet. It is a reminder to filter that traffic at your borders. Such IP addresses (and any others mentioned in RFC 1918) can do no good out there. Dropping the traffic in ingress/egress filters is the right thing to do (also for the ISPs involved).
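
The border check described above, written out as an added example (not code from this diary entry). The function names are illustrative and the sample records are constructed, with documentation-range addresses standing in for public hosts.

```python
import ipaddress

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_block(addr):
    """Return the RFC 1918 network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None
    for net in RFC1918:
        if ip in net:
            return net
    return None

def border_verdict(direction, src, dst):
    """Decide what a border filter should do with one packet.

    direction is "ingress" (Internet -> us) or "egress" (us -> Internet).
    On the Internet-facing interface neither address may be private:
    a private source is spoofed or leaked un-NATed traffic, and a
    private destination is unroutable and has nowhere legitimate to go.
    """
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    for role, addr in (("source", src), ("destination", dst)):
        net = private_block(addr)
        if net is not None:
            return ("drop", f"{direction}: {role} {addr} is in {net}")
    return ("pass", "")

# Constructed sample records: (direction, source, destination).
SAMPLE = [
    ("ingress", "10.12.34.56", "198.51.100.7"),
    ("egress", "198.51.100.7", "172.31.255.1"),
    ("egress", "198.51.100.7", "203.0.113.9"),
    ("ingress", "172.32.0.1", "198.51.100.7"),   # just outside 172.16/12
    ("egress", "192.168.1.20", "203.0.113.9"),
]

def audit(records):
    """Return the drop reasons for every record that should be filtered."""
    return [why for d, s, t in records
            for verdict, why in [border_verdict(d, s, t)] if verdict == "drop"]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
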


We got a few contacts from Canada, and some clarification regarding the MS06-040 bots might be needed:
  • This is not an isolated issue. Several entities in various geographic locations are being hit.
  • These are not the only such bots. There are many similar bots and it is not trivial to tell them apart unless you actually have the malware and the time to analyse it in detail.
  • In most countries, the Internet is global: packets do not stop for customs or immigration ;-). Since most botnet herders are in it for the money so far, they don't really care about countries either.

Swa Frantzen -- Section 66


Aug 31st 2006
