Channel: Andrew Martin » Intrusion Detection
Browsing all 10 articles


Finding the unknown on your network

One of the things I constantly keep in mind is “how do I find what I don’t know about?”. An unknown threat is what will hurt you and your organization. So how does one find something they don’t know...





Sources of Badness – LeaseWeb

**Edit 2** I’d like to thank LeaseWeb for taking the time to respond to this post. It’s great to hear that they take action quickly once informed of abuse. I found it surprising that they would receive...


Sources of Badness – UATelecom

The next source of badness I’ll cover is UATelecom (AS44997). With a /22, this host is much smaller than LeaseWeb. A Swiss blogger also had a run-in with this host, which you can read about here...


Sources of Badness – ZlKon

After a weekend hiatus, I’m back with the next host of interest – ZlKon. role: ZlKon HostMaster address: Lilijas iela 4-74 address: Riga, LV-1055 address: Latvija phone: +371 26330593 e-mail:...


Sources of Badness – PortNAP

One of the smaller hosts I’ve identified is PortNAP Internet Services. They appear to get their service from Grafix Internet B.V. We’ve seen fake anti-virus coming from 3 of their IPs in two different...




Sources of Badness – Starline Web Services

Next up, we have Starline Web Services, based in Estonia. Starline was recently in the news for briefly hosting a Srizbi C&C, as reported by FireEye. inetnum: 92.62.101.0 - 92.62.101.255 netname:...


Sources of Badness – Still Trade LTD

The absolute worst culprit that I’ve come across so far in terms of bad IPs is Still Trade LTD from Russia. They have their own /24, AS47486. Out of 34 web servers in their IP block, 30 are bad....


Finding the Unknown – Detecting Emailed Malware Waves

In a previous post I discussed using the technique of watching for the transfer of executable files around the network as a method of intrusion detection. This is a great way of discovering machines...




One Click Hosting Spreads Banking Trojan

While this is not totally new, I only recently came across my first event involving a one click host serving malware. What is one click hosting? These are providers which you have probably heard of...



Major Stealthy Malware Campaign – 711 Domains Taken Down

Starting sometime around November 6th, many attacks were observed coming from strangely named domains such as us.bf9.info, us.bp0.info, us.bn3.info, etc. The attackers employed some code splitting...




