
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-07-17



Couple ISC site updates

Published: 2007-07-17
Last Updated: 2007-07-17 20:54:25 UTC
by Johannes Ullrich (Version: 1)

The page for new diary notifications was broken and is now fixed again (see http://isc.sans.org/notify.html ).

A couple weeks ago I added AS reports. They are still being tested. Let me know if you have feedback. (see http://isc.sans.org/as.html )

We are planning to do a test of our "infocon" system in the not too distant future. This is just a pre-pre notification, and here is the overall plan I am thinking about right now:

  1. publish a story with details about the test, a few days in advance.
  2. publish a second diary story with details about the test, one hour before the test.
  3. change the infocon. I am thinking about using the suffix "test" in our infocon.txt ( isc.sans.org/infocon.txt ) file.
  4. update the second story once all is back to normal.

So if you are triggering any notifications, be aware that this may happen. I will run the test around noon EDT. This is about the time when most of our readers are awake (Europe + US). It's probably better to do this during business hours than late at night. No need to wake up anybody with a pager alert.

 

 


Reporting firewall logs

Published: 2007-07-17
Last Updated: 2007-07-17 20:43:47 UTC
by Johannes Ullrich (Version: 1)

We got a couple of users forwarding firewall logs to the handlers\at/sans.org e-mail address. While we appreciate logs, malware and other reports like it, please don't send automated log reports to handlers\at/sans.org. If you send logs, include some detail on why you consider them unusual.

Please use DShield for automated log reporting (see http://www.dshield.org/howto.html ). Our handlers have access to the DShield database and regularly check it for unusual activity.

Thanks!

 
