http://www.dshield.org/indexd.html
I was looking at the dshield website today and found this interesting diary entry from yesterday.
"The Internet Storm Center is focusing on IP ports for the month of October. I am going to continue the theme, but with a bit of a twist. I am going to talk about a few of the ports that are usually not desirable to appear in a traffic analysis. There are many more than I could list, the majority associated with malware. But not all of them.
Here we go:
1214 - Limewire/Kazaa (A Peer-to-Peer application. Not by definition malware, but not something desirable in an enterprise)
2773 - SubSeven (Trojan)
5631 - pcAnywhere (A commercial remote control application)
1863 - Numerous Microsoft applications
I want to emphasize that these listed are not necessarily bad.
The point here is awareness. Knowledge, and management, of the ports required and permitted in the enterprise, and at home, will lead to an overall improvement of the security posture of a network. This is where syslogs, traffic analysis, and documentation will tie everything together." (tony d0t carothers @ isc d0t sans d0t org)
Also, to help promote Internet security and awareness, I'm going to start posting the Internet Security Threat Level and 'On-Duty' Handler for the Internet Storm Center (ISC). If you get time, check out their site at http://www.dshield.org/. This site has a lot of interesting information, including the amount of malware that is being distributed and reported. Check out the image below:
Sunday, October 11, 2009
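An added example, not part of the original post or the ISC diary: one way to turn the diary's port list into a check over firewall logs, summarising which internal hosts talk to the listed ports. The iptables-style log format, the sample lines and the function name `scan` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Watchlist: the four ports named in the quoted diary entry, with its labels.
WATCHLIST = {
    1214: "Limewire/Kazaa (peer-to-peer)",
    2773: "SubSeven (Trojan)",
    5631: "pcAnywhere (commercial remote control)",
    1863: "Numerous Microsoft applications",
}

# Constructed sample lines in iptables LOG style; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 10 09:12:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=1214
Oct 10 09:12:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 PROTO=TCP SPT=51240 DPT=1214
Oct 10 09:13:10 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=198.51.100.4 PROTO=TCP SPT=1863 DPT=443
Oct 10 09:15:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.50 PROTO=TCP SPT=50001 DPT=5631
Oct 10 09:15:30 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.50 PROTO=ICMP TYPE=8
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def scan(log_text, watchlist=WATCHLIST):
    """Summarise connections to watchlisted destination ports, per source host."""
    seen = defaultdict(set)    # (src, port) -> distinct destinations
    counts = defaultdict(int)  # (src, port) -> number of log lines
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip lines without a numeric destination port (e.g. ICMP).
        if not fields.get("DPT", "").isdigit() or "SRC" not in fields:
            continue
        port = int(fields["DPT"])
        # Match the destination port only: a client's ephemeral source port
        # (SPT) can land on a watchlisted number by coincidence.
        if port in watchlist:
            key = (fields["SRC"], port)
            counts[key] += 1
            seen[key].add(fields.get("DST", "?"))
    return sorted(
        (src, port, watchlist[port], counts[(src, port)], len(seen[(src, port)]))
        for src, port in counts
    )

if __name__ == "__main__":
    for src, port, label, n, dsts in scan(SAMPLE_LOG):
        print(f"{src} -> port {port} [{label}]: {n} lines, {dsts} destinations")
```

A hit here is a prompt to check the host against the documented list of permitted ports, in line with the diary's point that these ports are not necessarily bad.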