[nsp-sec] [ OT ] MacOS X malware

Chris Morrow morrowc at ops-netman.net
Thu Apr 3 14:58:42 EDT 2008



On Wed, 2 Apr 2008, John Fraizer wrote:

> ----------- nsp-security Confidential --------
>
> Agreed.
>
> It would be very cool if one of those feeds included things that had 
> nasty stuff like this but also happened to have the "services" bit set 
> and as a result were not listed in DDoS-RS.

jumping in late in the game, but.. something like a soap/xml/web interface 
where you could set parameters for what to DL in the feed, things like:

* age/ttl (first seen X seconds ago, last seen Y seconds ago)
* type-o-malware (windows/linux/mac or 'desktop' vs 'server' vs 'infrastructure')
* vector for infection (email, web/drive-by, scan/sploit)

and perhaps an output format as well:
* null routes (juniper or cisco)
* zebra config
* acl (with acl name/number/direction and juniper/cisco designation)
* dns-zone (bind only ...  F djbdns...)
* apache/squid acls
* flow-tools nfilter

this is something that I was pushing for with VZB's Net-Intel project; I 
doubt it'll ever get done :( Anyway... that'd give some options to the 
requestors, eh? :)

-Chris


>
> John
>
> David Freedman wrote:
>> ----------- nsp-security Confidential --------
>>
>> I think there is a very valid point here, RBLs maintain lists of varying levels of "questionability" which are implemented on
>> an entirely "opt-in" basis, whereby if you do not agree with the listing you simply do not use the list.
>>
>> I suggest Cymru adopt a similar set of "more questionable" feeds which we can choose to use or not (providing we don't complain what is on them or ask for anything to be removed without a damn good reason)
>>
>> Dave.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
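A sketch of the parameterised feed Chris describes, as an added example that is not code from this thread, Team Cymru or VZB: the record layout, field names and sample addresses are constructed, and it renders the Cisco/Juniper null-route and Cisco ACL formats from his list while withholding hosts that have the "services" bit set unless the requester opts in.

```python
"""Parameterised malware-host feed: filter by age, platform, vector and the "services"
flag, then render null routes or an ACL.  Added example, not code from the nsp-security
thread, Team Cymru or VZB; record layout and sample addresses (RFC 5737) are constructed."""
from ipaddress import ip_address

NOW = 1207249122  # constructed "now" (3 Apr 2008) so ages are deterministic
DAY = 86400

# Constructed feed: ip, first/last seen (epoch), platform, vector, "services" bit.
FEED = [
    dict(ip="192.0.2.10", first_seen=NOW - 2 * DAY, last_seen=NOW - 60,
         platform="windows", vector="web", services=False),
    dict(ip="203.0.113.5", first_seen=NOW - 3600, last_seen=NOW - 300,
         platform="mac", vector="scan", services=True),
    dict(ip="198.51.100.7", first_seen=NOW - 30 * DAY, last_seen=NOW - 20 * DAY,
         platform="mac", vector="email", services=False),
]


def select(feed, max_first_age=None, max_last_age=None, platforms=None,
           vectors=None, include_services=False, now=NOW):
    """Return the records matching the requested feed parameters."""
    keep = []
    for r in feed:
        ip_address(r["ip"])  # reject malformed entries before they reach a router
        if max_first_age is not None and now - r["first_seen"] > max_first_age:
            continue
        if max_last_age is not None and now - r["last_seen"] > max_last_age:
            continue
        if platforms and r["platform"] not in platforms:
            continue
        if vectors and r["vector"] not in vectors:
            continue
        if r["services"] and not include_services:
            continue  # default mirrors DDoS-RS: hosts with the services bit are withheld
        keep.append(r)
    return keep


def render(records, fmt, acl_name="MALWARE-HOSTS"):
    """Render the selected hosts in one of the proposed output formats."""
    ips = [r["ip"] for r in records]
    if fmt == "cisco-null":
        return [f"ip route {ip} 255.255.255.255 Null0" for ip in ips]
    if fmt == "juniper-null":
        return [f"set routing-options static route {ip}/32 discard" for ip in ips]
    if fmt == "cisco-acl":
        return ([f"ip access-list extended {acl_name}"]
                + [f" deny ip host {ip} any" for ip in ips] + [" permit ip any any"])
    raise ValueError(f"unknown format: {fmt}")
```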


