Suggested Blog Reading – Monday June 11th, 2007

I think we’re going to play the “how much golf can Andrew get in this week” game. 🙂

Here’s the list:

Introduction to Antispam Practices – Interesting read.

According to research conducted by Microsoft and published by the Radicati Group, the percentage held by spam in the total number of emails sent daily has been constantly growing since 2005. As a result, spam is expected to represent 77% of emails sent worldwide by 2009, amounting to almost 250 billion unsolicited emails delivered every day.

PHPIDS Released – I wonder how effective this will be?

This has been in development for quite a while, but the intention is to react (more like an IPS than an IDS) to potential attacks. From the site:

The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.

It’s all about Network Flow – I’m a big fan of NetFlow in corporate environments. It becomes quite useful when you run out of span ports or don’t have the money for a passive flow collector or expensive tap. I haven’t had a chance to try out silktools but I look forward to giving it a shot.

It is undeniable that all the other projects are interesting too, but that doesn’t make my point here and I have had no time to check them out yet. The main reason why I’m looking into silktools is because it also offers a wide range of analysis tools like argus does. Instead of just doing flow data collection, one can perform in-depth analysis on the netflow data using the analysis tools that are packed with silktools. But again I found out all these great tools come with complexity, and that blows away a lot of newcomers.

And the answers please… – Hey, did you do last night’s homework? Can I take a look? I just want to check my answers….

@tlas and his gang do a fantastic job walking through each of the challenges, and a lot can be learned from just taking a look. Even better, they managed to pry the challenge source code out of Kenshoto’s hands (a feat they managed to pull off before I did) and have it posted, so that nearly the entire scenario can be recreated for ownage pleasure in your very own home. So go give it a look, you’ll learn a bunch.

Emerging Information Security Threats, 2007 – I can’t remember the last time Lenny posted something on his blog. I was starting to think the RSS feed was broken. Very good article though. Well worth the wait 🙂

As organizations erect barriers to protect their data, attackers are unleashing new ways of finding and exploiting weaknesses. The threat landscape is one of professional, highly skilled online criminals who create, buy or trade advanced tools that allow them to steal confidential company data, disrupt business operations or snatch logon credentials and other personal information. The teen-aged script kiddies who focused on compromising systems for fame and game are receding into the distant past. Today’s profit-minded attackers are more likely to carry a briefcase than a skateboard.

Managing expectations – a valuable skill and worth the time – This is a key skill in any business. I wish that the burger jockeys at the local fast food joint would take the time to understand this concept. Good post Michael!

One of the biggest things I have learned since I have been in IT is that you have to develop the skill of managing customer expectations (to clarify, the term “customer” means the people for whom you are doing your job – clients, users, etc.). If your customer believes you can perform a service that you cannot, then you have not done a good job in managing expectations, and you will likely end up disappointing him and hurting the professional relationship.

February 2007 Root Server Attacks – A Qualitative Report – Very good analysis and notes.

During the ISP Security BOF at NANOG 40 last week in Bellevue, Washington, John Kristoff of Neustar Ultra Services provided a nice summary of what actually occurred during the February 6/7, 2007 DNS attacks.

He began by providing a summary of the considerable amount of misinformation provided about the attacks, with his personal favorite being an article titled UltraDNS attack targeted G and L root servers (1st Update). I suppose I can see how such a title might prove a bit misleading. From there, John noted some of the more useful information provided at the time, and in particular that from a lightning talk at NANOG 39 by Dave Knight at the tail end of the attacks.
