
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-12-20



Finding abuse contacts for a domain

Published: 2005-12-20
Last Updated: 2005-12-21 02:03:44 UTC
by William Stearns (Version: 1)
One poster to the handlers list asked if there is an easy way to find the abuse contact for a domain. Abuse.net maintains a database of abuse contacts that's reachable via a web link, DNS, or whois lookup.

Cisco EIGRP Vulnerability and VLAN spoofing issue

Published: 2005-12-20
Last Updated: 2005-12-21 02:03:06 UTC
by William Stearns (Version: 1)
Cisco has put out advisories today concerning vulnerabilities in their EIGRP and VLAN implementations.  Their EIGRP post can be found at:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040376.html
and the VLAN issue is at:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040360.html


Malware Analysis Quiz 5 results

Published: 2005-12-20
Last Updated: 2005-12-20 13:25:55 UTC
by Pedro Bueno (Version: 1)
For those following my quizzes, today I released the results of the Malware Analysis Quiz 5.
That one was really great and I would recommend those interested in malware analysis to read them!
Now, I will take a break from it until January and will post new quizzes in 2006!
Thanks a lot to all submitters!
------------------------------------------------------
Pedro Bueno ( pbueno //&&// isc. sans. org)

Wrap-up: What? No Link?

Published: 2005-12-20
Last Updated: 2005-12-20 00:21:40 UTC
by Johannes Ullrich (Version: 3)
Our handler Lorna Hutcheson, in her diary from December 7th, noted the dangers of posting URLs, in particular clickable URLs, on our site. To drive the point home, we added a "suspect" URL, and we tracked how many people clicked on it.

We had about 1,000 users click on the link. 80% used the same browser they used to read the diary, so I consider them "production browsers". 10% used "safe browsers" like wget. The remainders are bots/search engines that followed the link.

Most people who responded to the diary noted that they do need access to malicious code (and malicious URLs) in order to be able to block them at their web proxies, or that they use safe browsers to access suspicious links. We will continue to post links in our diaries. It is up to the particular handler to decide if it is appropriate to obfuscate the URL, post a partial URL, or not post it at all if it is deemed not appropriate or too risky.

About 20-40,000 users typically read a diary, so 1,000 is not all that large of a number, but still considerable.