Upload File

internet storm center briefing 20100513

14
Rick Wanner - ISC Handler [email protected] A brief briefing… The Internet Storm Center

Upload: rick-wanner

Post on 09-Jun-2015

459 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Internet Storm Center briefing 20100513

Rick Wanner - ISC Handler

[email protected]

A brief briefing…

The Internet Storm Center

Page 2: Internet Storm Center briefing 20100513

Rick Wanner B. Sc, I.S.P.,

ITCPClient Technology Manager, Corporate Security at

SaskTel

Masters Student at SANS Technology Institute

(www.sans.edu)

Independent contractor/Volunteer with

SANS/GIAC

ISC Handler since 2008

[email protected]

Page 3: Internet Storm Center briefing 20100513

The Internet Storm Center

• The ISC is composed of approximately 40 volunteer

handlers which coordinate a group of volunteer

intrusion analysts and malware specialists.

• Daily “Handler on Duty”

Daily diary/blog published at http://isc.sans.edu/

The Internet Storm Center acts as a distributed early

warning system for the Internet

The ISC acts as an intermediary with ISPs worldwide.

Sponsored by the SANS Technology Institute

(http://www.sans.edu).

http://isc.sans.edu/
Page 4: Internet Storm Center briefing 20100513

ISC = DSHIELD +

Contributors + Handlers

From: isc reader

To: [email protected]

Subject: Recent attack.

....

DShield Data

Reader Reports

ISC Handlers

User Logs

mailto:[email protected]
Page 5: Internet Storm Center briefing 20100513

Dshield-We want your logs!

The ISCs principal inputs come from

Dshield.org and Internet users

Dshield.org is fueled by log contributions

by Internet users and corporations.

All logs are scrubbed before they are

submitted.

Src IP, src port, destination port

Page 6: Internet Storm Center briefing 20100513

Dshield Collection clients

Clients installed on firewalls, IDS, and

gateway routers/firewalls

Developed by SANS and third parties

Log transfer via HTTP or SMTP

Page 7: Internet Storm Center briefing 20100513

Role of the Handler

Analysis:

Assign meaning to submissions and data

Correlate between the inputs and known data

Solicit further information from sources

Prioritize each incident

Overall impact

Ability of the ISC to contribute

Number of submissions

Size of the affected user population

Page 8: Internet Storm Center briefing 20100513

Role of the Handler, cont…

Incident handling:

Identify

Contain

Eradicate

Recover

Lessons Learned!

Page 9: Internet Storm Center briefing 20100513

Diaries are Dynamic

RevisedDiaries

Initial Diary

DiaryWorthy?

Initial Observation

AdditionalObservations

Immediate publication of new event to solicit feedback from readers and provide the earliest possible alert.

Page 10: Internet Storm Center briefing 20100513

Other output

FightBack functionality

Send automated abuse on behalf of

users

Very specific attacks only

AS specific reports

Anti-virus distribution list

Page 11: Internet Storm Center briefing 20100513

Microsoft Patch Tuesday

Second Tuesday is the top day for visits to

the ISC

What we add:

Overview

Independent rating

History

Page 12: Internet Storm Center briefing 20100513

October is Cyber Security

Awareness Month

In 2009, ISC chose securing common ports

and protocols as the theme.

2008, theme was “Incident Handling”

Preparation, Identification, Containment,

Eradication, Recovery, Lessons Learned

2007, ISC published security awareness tips

Page 13: Internet Storm Center briefing 20100513

Support the ISC!

Send us your logs:

http://www.dshield.org/howto.html

Read the ISC:

http://isc.sans.edu/

Send us your observations:

http://isc.sans.edu/contact.html

[email protected]

Send us your malware:

http://isc.sans.edu/contact.html

http://www.dshield.org/howto.html
http://isc.sans.edu/
http://isc.sans.edu/contact.html
http://isc.sans.edu/contact.html
Page 14: Internet Storm Center briefing 20100513

Thanks!

Questions??

For future questions please

contact

[email protected]


Winter Storm Warning Detroit, MI - National Weather Service · US National Weather Service Detroit / Pontiac Michigan NWSDetroit Detroit, MI Briefing issued March 8, …

Tropical Storm Alberto Branch Briefing June 13, 2006

Briefing Note - 2016 Capital Budget Briefing Note ... · Charlies Caccia Tank Charles Caccia Park Nairn Ave. Combined Sewer Storage Replacement 17 Palacio $7,651,124 $19,770 ... Storm

Natural Resources Board presentation · 03.10.2019  · WI Natural Resources Board October 22, 2019 Webcast Division of Forestry Storm Aftermath Informational Briefing AGENDA ITEM

FRENCKEN GROUP LIMITEDfrenckengroup.listedcompany.com/newsroom/20100513... · AGENDA 1Q FY2010 Results Briefing ... Business Review and OutlookBusiness Review and Outlook ... •

Tropical Storm Alberto ESF Briefing June 12, 2006

Tropical Storm Ernesto Evening Briefing August 29, 2006

Briefing Emergency Management€¦ · Threshold Value Impact Arrival of Tropical Storm Winds Evacuation Terminated – Opening of Last Resort Refuge. Storm Surge Exceeding 5 Feet

Tropical Storm Isaac Briefing

Tropical Storm Alberto Branch Briefing June 12, 2006

Tropical Storm Isaac Briefing August 26, 2012 10:00 CDT Weather Forecast Office Slidell, LA

Tropical Storm Ernesto Morning Briefing August 29, 2006

Tropical Storm Isaac Briefing August 25, 2012 13:00 CDT

Daily Operations Briefing - Disaster CenterDaily+Ops+Briefing+07-24-2017.pdf · Tropical Storm Irwin (Advisory #8 as of 5:00 a.m. EDT) • Located 745 miles SSW of Baja California,

PUBLIC ASSISTANCE APPLICANT’S BRIEFING Tropical Storm Lee EM-3340 Emergency Declaration

Potential Historic Winter Storm February 8-9, 2013 Briefing Summary: 830 AM Thursday, February 7 th, 2013 National Weather Service Boston, MA

lillypreserveapartments.com...storm water management storm water management storm water management storm water management storm water management Storm water management 3125 LILLY RD

Latest Weather Briefing NWS - Coastal Storm 11/7-8/12

Private Capital Law Briefing • August 2021 A perfect storm?

20100513 - IGBC Penang - Low Carbon Buildings & Communities - Noel Isherwood

Industry Research Report Auto Dealers, GM Northeast U.S.edu.nacva.com/online/pdf/20100513%C2%AD_Auto%20Dealers.pdf · 13/05/2010  · commercial vehicles, sold through car dealerships

TROPICAL STORM NATE BRIEFING · Tropical Storm Nate Storm Surge Maximum 4 to 7 feet above ground along the open coastline Maximum 3 to 5 feet above ground along the shore of Lake

Severe Storm and Flood Briefing

Tropical Storm Alberto ESF Briefing June 13, 2006

Tropical Storm Ernesto Evening Briefing August 28, 2005

JACKSONVILLE DISTRICT PROGRAM BRIEFING · 2018-07-09 · CSRM PROJECTS . OUR MISSION COASTAL STORM RISK MANAGEMENT . 5 . ... phase agreements or construction contracts executed on

New York, NY TROPICAL STORM ELSA BRIEFING

D2 Storm Drain Restoration and Storm Water Mitigation Job... · D2 Storm Drain Restoration and Storm Water Mitigation ... D2 Storm Drain Restoration and Storm Water Mitigation

TROPICAL STORM ISAIAS BRIEFING · Tropical Storm Isaias Impacts • Increased swell is producing very dangerous swimming conditions now through mid-week. • Visit the Beach Forecast

TROPICAL STORM ARTHUR BRIEFING · 5/17/2020 6:25 AM Morehead City, NC WEATHER FORECAST OFFICE Situation Overview Tropical Storm Arthur Hazard Impacts Location Timing

Weather Service Briefing Rain Storm 05 15 14

Special Winter Weather Briefing - TownNewsbloximages.newyork1.vip.townnews.com/northwestgeorgia... · 2016. 1. 21. · Winter Storm Warning Valid: 1AM Tonight – 7PM Saturday / to

Major Winter Storm...Gray, ME Weather Forecast Office Follow us on Twitter Follow us on Facebook Presentation Created 3/31/2017 4:39 AM Major Winter Storm Decision Support Briefing

TROPICAL STORM FAY BRIEFING - National Weather Service · 2020. 7. 10. · Tropical storm warning and flash flood watch continues for the entire local area. Fay continues to move

BIO-CLIMATIC DESIGN GREEN RANSFORMATION - …new.greenbuildingindex.org/Files/Resources/20100513 - IGBC Penang... · BIO-CLIMATIC DESIGN T.R.HAMZAH & YEANG 1989 ... many-storied structures