<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: dshield

The mobile to cloud security challenge

ThreatSTOP is spending the week up in San Francisco at RSA. We will be on the Vyatta booth, #452, showcasing our joint solution for the protection and centralized management of virtual and cloud firewalls.

Read More

Share this:

The Worst AS in the world

In an email discussion over the weekend (which was based in part on this post by Brian Krebs) about the distributors of malware it was noted that much of it came from one particular AS - AS49469 Sa Nova Telecom Grup SRL. As is usually the case when I get this kind of email I take a look at our database to see what we know about the subject. In this case I discovered that AS49469 is one of the 64 ASes whose IP address ranges are completely covered by one or more of our blocklists.

Read More

Share this:

Come Hear Johannes Ullrich of SANS Institute Talk

Johannes Ullrich, Dean of Faculty and Chief Research Officer at SANS Institute and founder of DShield (full disclosure: also advisor to ThreatSTOP), will give a talk on the ever-changing threat landscape and how to detect existing breaches, protect against botnets and advanced persistent threats, and safeguard your data.  It will be at a lunch and learn event jointly sponsored by ThreatSTOP and the Orange County IT Executive Round Table on April 26, at Newport Beach, CA.  Registration is FREE for qualified IT security professionals.  Come enjoy great food, learn something and connect with your peers.  For more info, go here.

Read More

Share this:

Geographic Distribution of Malware

I volunteered to give a talk to the University of Cambridge Computer Lab yesterday. The talk was about how different countries "specialize" in different sorts of malware - or, to be slightly more accurate, show up in our database from different feeds.

Read More

Share this:

How long does an IP address remain infected?

One of the interesting questions we get asked at TheatSTOP concerns how long an IP address remains bad once it has been identified as such. The answer is not completely straightforward and varies depending on which threat list it has been put on. Moreover many lists do not have specific "first seen" or "last seen" data on each IP address, rather they simply list the currently active list (where active typically means that they have been identified as bad within the last week or so). Possibly worse for questioner, some of the threat sources we use are distributed under terms that prohibit us from answering the question.

Read More

Share this:

Home Page

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter