Setup a Sensor

The SANS Internet Storm Center is always interested in new users joining our sensor network. No network is too small. One-host cable modem or DSL users are frequently the first to see new attacks.

We do use DShield.org to collect our data. In order to participate, see

http://www.dshield.org/howto.php

Many firewalls are supported, and the page links to respective client software to make submissions easy and in many cases fully automate them.

Even large networks can use this system to submit logs. We do have several participants that monitor thousands of hosts. If you need more help, please contact us.

Web Application Honeypot

If you run a web server, consider participating error logs using our Webapp Honeypot . In particular, hobby webservers are very usefull for this project.

Becoming a Handler

  • Trustworthiness
  • A new handler should add a facet to our team that is not yet covered.
  • A past history of participation in public mailing lists, and a proven record of patient, clueful responses in particular to newbie questions.
  • Willingness to spend a good chunk of your life dealing with handler business
  • Ability to take over as handler of the day about once a month
  • Candidates which hold GIAC certifications, are SANS instrutors, or have shown their skills in other SANS projects are prefered.

for details, see our handler roadmap.