Friday, May 13, 2005


Johannes Ullrich talked at last night's BOF (Birds Of a Feather) about the Internet Storm Center (ISC) and DShield (the organization that the ISC depends on for data). Salient points include:
  • DShield is interested in the home user. Logs from your routers give them a much broader view of what's going on than logs from a large organization.
  • When you turn in your logs, please sanitize them. Replace the first octet with "10".
  • The INFOCon alert status is available as an RSS feed (I still have to find it).
  • The ISC site can be viewed without any browser-side scripting (no Java, no JavaScript, no VBS, etc.).
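
The sanitizing step from the list above, sketched as an added example (not part of the original post and not DShield's own tooling). It assumes iptables-style `KEY=address` log lines and assumes the address to mask is the reporter's own, taken here to be the `DST=` field; the post does not say which address is meant, and all sample lines are constructed.

```python
import ipaddress
import re

# KEY=a.b.c.d pairs as found in iptables-style firewall logs (assumed format).
FIELD_RE = re.compile(
    r"\b(?P<key>[A-Z]+)=(?P<addr>\d{1,3}(?:\.\d{1,3}){3})(?![\d.])"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "May 13 02:11:45 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.23 "
    "DST=203.0.113.7 LEN=48 PROTO=TCP SPT=4312 DPT=445",
    "May 13 02:11:52 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.91 "
    "DST=203.0.113.7 LEN=404 PROTO=UDP SPT=1026 DPT=1434",
    "May 13 02:12:00 router syslogd: -- MARK --",
]


def mask_first_octet(addr):
    """Replace the first octet of a valid IPv4 address with 10.

    Strings that are not valid IPv4 addresses are returned unchanged so
    that look-alike tokens are never rewritten.
    """
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:
        return addr
    return "10." + addr.split(".", 1)[1]


def sanitize_line(line, fields=("DST",)):
    """Mask the first octet only in the named fields; SRC stays intact by
    default so the report still shows where the traffic came from."""
    def repl(match):
        if match.group("key") not in fields:
            return match.group(0)
        return "{}={}".format(match.group("key"),
                              mask_first_octet(match.group("addr")))
    return FIELD_RE.sub(repl, line)


def sanitize_log(lines, fields=("DST",)):
    return [sanitize_line(line, fields) for line in lines]


if __name__ == "__main__":
    for line in sanitize_log(SAMPLE_LOG):
        print(line)
```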

The BOF was very interesting. I came away from it with a couple of ideas to work on. One of those is coming up with a script, to run on those modified 54G's that many of us have, so that the router logs can be turned in once per hour (as Johannes requested). Another is to investigate how the black hats are employing IPv6 as a covert channel.

Should keep me busy for a while....