SANS ISC InfoSec Handlers Diary Blog



Storm Season

Published: 2006-03-19
Last Updated: 2006-03-20 01:49:27 UTC
by Marcus Sachs (Version: 1)
I was watching the news today and saw that northeastern Australia is being hit hard by a tropical cyclone that is as strong as Hurricane Katrina was last year.  Our thoughts and prayers go out to those in the affected area and we hope that the losses and damage are low.  If anybody in the affected area has any lessons to share or if you need any assistance please drop us a note via the contact page above.

Watching the videos of the storm reminded me of how well our readers responded to two requests we had last year in the wake of Katrina.  One was for volunteers to assist with recovery and the other was for assistance with locating and disabling fraudulent web sites and domains designed to take advantage of the Katrina disaster.  I suspect that this year's hurricane season will be no different than last year's so take time now to do proper business continuity planning particularly if you are in areas affected by tropical storms.  Also, if you are able, contact your local chapter of the Red Cross now and sign up for volunteer training.  Regardless of the country you may be in, your local Red Cross or Red Crescent chapter can use volunteers with computer and networking experience.  It's too late to receive training after an emergency happens, so do the training now and be ready to assist when needed in the future.

One more thought - the next "big event" that could happen on a global scale is the avian flu ("bird flu") that every news channel seems to be talking about.  I did a quick search of some potential domain names that contain "avian flu" plus variations and am appalled at what is already registered.  It looks like the scammers and fraudsters are already preparing to take advantage of the Internet community, knowing that many will work from home and will be using the Internet to communicate with family, friends, and co-workers.  We may have to do the same thing we did last year with Katrina and start an effort to identify and disable fraudulent sites and domains, but if you work for an ISP that hosts web sites, could you keep an eye out for us and enforce those acceptable use agreements?  It sure would be nice to be able to get in front of this next wave of fraud rather than fight it after it gets started.


Five Years of Storming

Published: 2006-03-19
Last Updated: 2006-03-20 01:14:01 UTC
by Marcus Sachs (Version: 1)
In March of 2001, the Lion worm set in motion a series of events that resulted in the creation of the SANS Internet Storm Center.  That was five years ago in an era when script kiddies were defacing web sites and launching endless DDoS attacks against each other.  Worms were a pretty big deal, and bots were just getting started.  Credit card theft was already happening, but "identity theft" had not become the big buzzword that it is today.  That was also pre-September 11th and we had no idea what was in store for the planet later that year. 

So on this anniversary of the Storm Center, I'd like to thank all of our volunteer incident handlers from over the years for their many hours of dedicated time, as well as extend a note of appreciation to the thousands of DShield sensor operators, the people who read our daily diaries, and those who participate in the various discussion forums.  I'd like to also thank Johannes Ullrich for his tireless efforts to keep the electrons flowing behind the scenes, and the SANS Institute for paying the bills.

Since we all like to have contests, here's one that should be fun to do.  Look back through your old email to the period around March or April of 2001 and see if you can find any notes that reference the SANS Internet Storm Center.  If you can, forward them to us via the contact page above and we'll figure out who has the earliest one.  We'll mention your name in a future diary if you want us to, or you can remain anonymous.

Happy hunting, and Happy Birthday Internet Storm Center!

Marcus H. Sachs
Director, SANS ISC


Potential phpBB Hack Coming?

Published: 2006-03-19
Last Updated: 2006-03-19 18:01:14 UTC
by Marcus Sachs (Version: 1)
Two readers (thanks, Ricardo and Ken) pointed us to a story on digg that appeared this morning.  The story links to a posting on a German board about a potential phpBB hack attack coming in the next few weeks:

http://www.issociate.de/board/post/312809/phpBB_mass-hack_being_prepared_

"During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums. Some speculate that the bot's owners are preparing to exploit an unreported vulnerability."

We might be chasing a ghost here but it's always good to be on the lookout for something like this.
