The Internet's Immune System
medina at columbia.edu
Thu Nov 13 14:40:18 UTC 2003
myNetWatchman has a work-in-progress search-by-AS
On Wed, Nov 12, 2003 at 06:56:50PM -0500, Jamie Reid wrote:
> It would be useful if these sites allowed you to query them with CIDR ranges to
> see if your site had originated any traffic that triggered their sensor arrays. The
> IDS community never seems to have wrapped its collective head around routing
> information. Looking up single IP addrs is just cosmetic. A real service would
> allow for concerned sites to check their entire address allocations.
> The solution we have takes a massive amount of data munging of a routing
> table and is still experimental, but until attacks can be mapped to meaningful Internet
> topographical information, the real value of these distributed IDS efforts cannot be fully
> I can forsee the argument that people shouldn't be able to look up other sites
> which might be compromised, but if they are really so concerned, they should
> get their sites patched.
> Jamie.Reid, CISSP, jamie.reid at mbs.gov.on.ca
> Senior Security Specialist, Information Protection Centre
> Corporate Security, MBS
> 416 327 2324
> >>> "Bryan Bradsby" <Bryan.Bradsby at capnet.state.tx.us> 11/12/03 04:25pm >>>
> > Devise a system that assumes owners of IP space WANT to know about problems.
> > report --open-proxy 192.168.1.1 <logfiles
> > and have a report sent to whoever needed to know about it.
More information about the NANOG