Tuesday, April 15, 2008

Packet heads and malware hunters rejoice

A couple of projects have recently emerged from development that are well worthy of adding to your feed readers.
Matt Jonkman at Emerging Threats pointed out OpenPacket.org, "a web site whose mission is to provide a centralized repository of network traffic traces for researchers, analysts, and other members of the digital security community." And traces they have...all the yummy pcap goodness you could ever hope for in the Capture Repository. This is a gloden opportunity to correlate attack trends to what you may be seeing on your networks, ro take the time to analyze captures you may not otherwise see, thus tuning your packet analysis skills. It goes without saying that Openpacket.org was conceived by Richard Bejtlich.
The other site of immediate interest to bug hunters is the SRI Malware Threat Center. The press release is here, but the premise is this: "SRI's Malware Threat Center posts daily updates of firewall filters, malware-related domain name system (DNS) names, antivirus statistics, intrusion detection system (IDS) signatures, and malware binary data to help network administrators understand current and emerging computer security threats and provide key network defense information that can be configured into security products to help network administrators fend off the latest malware threats."
The data is drawn from the Cyber-TA Honeynet Project and is extremely useful.

del.icio.us | digg

No comments:

toolsmith #131 - The HELK vs APTSimulator - Part 1

Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...