One Day in the Life of the SANS Internet Storm Center

Yesterday, I attended a very interesting session about the SANS “Internet Storm Center” (ISC). This event was organized by the Belgian ISSA Chapter in Brussels. As I have been a daily ISC user for a long time, it was very interesting to get a “backstage” overview of this organization.

The Internet Storm Center runs on a 24 x 7 basis and incidents are managed by ~35 handlers. All of them are volunteers and each takes a 24-hour shift of duty. They are spread worldwide to cover all timezones. Everybody can participate by sending incident reports or simply reports of suspicious activity detected on their networks. Based on simple rules, the handlers decide whether the reported information is useful to the community and publish it. The on-duty handler writes one diary entry; several updates may be released if new events occur.

Question: how can you participate more actively in the ISC? Check out dshield.org. If you manage a firewall, you can submit your logs and statistics will be generated (per IP address or port, source or destination), as in the following example:

Top 10 Ports Activity

They provide log parsers which can handle almost all types of logs. Check the list here. Personally, I have been submitting firewall logs since 2003 (with some periods of interruption from time to time). Feel free to join!
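To show the kind of aggregation DShield performs on submitted firewall logs (counts per destination port and per source IP), here is an added example that is not part of the original post or of the DShield client. It works on constructed iptables-style log lines and does not reproduce DShield's own submission format, which you should take from dshield.org.

```python
import re
from collections import Counter

# Constructed iptables-style firewall log lines (sample data, not a real capture).
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=22
Jan 12 03:14:09 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51235 DPT=22
Jan 12 03:15:00 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=445
Jan 12 03:15:02 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.2 PROTO=UDP SPT=40001 DPT=53
Jan 12 03:16:30 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=6000 DPT=22
Jan 12 03:17:00 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.50 DST=198.51.100.2 PROTO=TCP SPT=5555 DPT=443
this line is not a firewall record and is skipped
"""

# Pull out the fields a per-port / per-source report needs; unrelated lines do not match.
LINE_RE = re.compile(
    r"\b(?P<action>DROP|REJECT|ACCEPT)\b.*?\bSRC=(?P<src>[\d.]+)"
    r".*?\bPROTO=(?P<proto>\w+).*?\bDPT=(?P<dpt>\d+)"
)


def parse_events(text):
    """Yield (action, src, proto, dport) for every line that looks like a firewall record."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["action"], m["src"], m["proto"], int(m["dpt"])


def top_ports(text, n=10, blocked_only=True):
    """Count hits per (proto, dport), most-hit first, like a 'Top 10 Ports' report.
    By default only blocked traffic is counted, since that is what reports are made of."""
    hits = Counter((proto, dport) for action, _, proto, dport in parse_events(text)
                   if not blocked_only or action != "ACCEPT")
    return hits.most_common(n)


def top_sources(text, n=10, blocked_only=True):
    """Count hits per source IP address, most active first."""
    hits = Counter(src for action, src, _, _ in parse_events(text)
                   if not blocked_only or action != "ACCEPT")
    return hits.most_common(n)


if __name__ == "__main__":
    for (proto, port), count in top_ports(SAMPLE_LOG):
        print(f"{proto}/{port}: {count}")
    for src, count in top_sources(SAMPLE_LOG):
        print(f"{src}: {count}")
```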

The ISC does an excellent job day to day and is a must-read for everyone who deals with the Internet or security in their job.
