[nsp-sec] [Outreach] Changes Coming

[John Kristoff]

On Thu, 14 Feb 2013 10:40:43 -0500
William Allen Simpson <william.allen.simpson at gmail.com> wrote:

> Good luck.  I'm just very disappointed.  We're really getting away
> from the personally vetted community model.

Well, this is where I can help justify my return to nsp-security.  As
some of you are aware, the Dragon Research Group (DRG), was formed a few
years ago as a volunteer, community-based, not-for-profit organization
with the aim to help make the Internet more secure.

DRG has data and already makes much of it freely available.  DRG can
go further and is willing to provide the traditional pipe-delimited
ASN-specific vetted reports to nsp-security.

Note, DRG does not have the same data as Team Cymru obviously. DRG,
while receiving support from Team Cymru (i.e. my time), DRG is it's own
producer of data.

The DRG can begin to provide the following types of data:

  * SSH scanners and brute force attempts
  * VNC scanners and brute force attempts
  * SMTP scanners and test email/domains
  * DNS scanners and lame delegations
  * HTTP scanners and exploit attempts
  * RDP scanners and brute force attempts
  * SIP scanners and call attempts

Those are some core services currently being monitored and reported
on.  More are possible and surely more are to come.

Before we set this up, I'll gladly take your input on what you'd change
about how you get the data and what it'd like look, please contact me
off list.  Note, we'd strongly favor maintaining and probably start
with just the text-based, pipe-delimited output you've always gotten,
but are open to additional formats and adjustments as well.

Oh, and to help provide you and others with this service, please
consider running a DRG Distro pod if you don't already.  It is the
basis for much of DRG's unique insight and requires a wide deployment
around the globe to be effective.

For more about DRG: <http://dragonresearchgroup.org>

John