[Dshield] Interesting Zombie Data Graphs

Deb Hale haled at pionet.net
Fri Nov 11 16:20:18 GMT 2005


I used to think so too.  Then I saw a product at a conference this week that
I am impressed with. It is called LiveNetwork.  Here is a link to the demo
site; log in using ID Demo and pw demo.  This could prove to be a helpful
product for network admins. I think the school district that I work with is
going to try the product for 60 days and see how it works.  

Deb 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Pete Cap
Sent: Friday, November 11, 2005 9:35 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Interesting Zombie Data Graphs

--- Mark <markt442 at yahoo.com> wrote:
> In the US, an ISP can only perform "limited monitoring" with the staff 
> they have. If they go further, they must staff to fix the problem.

I can see why you'd think so, but actually simple traffic analysis can tell
you a lot.  The amount of information you can learn from netflow analysis
alone is staggering.  And, it can be automated: As a lazy person--err, an
"efficiency expert," I'm fine with letting the big iron handle all the
complex dirty work for me and then e-mail me a list of potential botnet
victims and control channels.

Comcast and the rest of the IT industry are behind on this because IT types
are not engineers, mathematicians, or analysts.  They excel at installing
networks and troubleshooting connectivity problems, but I think most people
working in security can tell you, their expertise in other areas is usually
pretty limited :\

Regards,

Pete


		