[AusNOG] Shadowserver - ASN & Netblock Alerting & Reporting Service

Zane Jarvis zane at auscert.org.au
Tue Feb 17 17:48:34 EST 2009


Hi all,

  Regarding the email included below:

You may be interested in receiving the data from the volunteer group known
as ShadowServer. We have been receiving data from them for a while. Today
they have opened it up to ISPs and Netblock owners. Previously it was CERTs
who had access.

Let me know if you sign up and find the data valuable.

Best Regards,
Zane.

---
Zane Jarvis, Computer Security Analyst   | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT       | Fax:     +61 7 3365 7031
The University of Queensland             | WWW:     www.auscert.org.au
QLD 4072 Australia                       | Email:   auscert at auscert.org.au


-----Original Message-----
The Shadowserver Foundation is pleased to announce the formal rollout of
our ASN/netblock alerting and reporting service.

This reporting service is provided free-of-charge and is designed for
ISPs, enterprises, hosting providers, and other organizations that
directly own or control network space. It allows them to receive
customized reports detailing detected malicious activity to assist in
their detection and mitigation program.  Shadowserver has been providing
this service to many subscribers for over two years, and currently
generate over 4000 reports nightly. Since the response to this service
has been extremely positive from our consumer base, we now wish to make
it more widely and openly available.

The reporting service monitors and alerts the following activity:

Detected Botnet Command and Control servers
Infected systems (drones)
DDoS attacks (source and victim)
Scans
Clickfraud
Compromised hosts
Proxies
Spam relays
Malicious software droppers and other related information.

The Shadowserver Foundation filters data received from its worldwide
sensor and monitoring networks and employs an analysis engine to
classify the attacks. It then sorts this data according to ASN,
netblock, and even Geolocation. Detected malicious activity on a
subscriber's network is flagged accordingly and is included in daily
summarization reports detailing the previous 24 hours of activity.
Reports are only sent upon detection of malicious activity.  These
customized reports are made freely available to the responsible network
operators as a subscription service.

To request a free subscription to The Shadowserver Foundation's
ASN/netblock reporting service, send an email from your organization's
email account to  admin at shadowserver.org

Please provide the following information:

Name
Organization
Networks of responsibility by ASN or CIDR
Email address(es) of the report receipients
Contact information for verification

The Shadowserver Foundation is an all volunteer, non-profit,
vendor-neutral organization that gathers, tracks, and reports on
malicious software, botnet activity, and electronic fraud. It is the
mission of the Shadowserver Foundation to improve the security of the
Internet by raising awareness of the presence of compromised servers,
malicious attackers, and the spread of malicious software.
--


The Shadowserver Foundation
http://www.shadowserver.org




More information about the AusNOG mailing list