How we Collaborate and Share FIRST TC, Kyoto Wim Biemolt SURFcert


How we Collaborate and Share FIRST TC, Kyoto Wim Biemolt SURFcert November 14th, 2012 Oudemirdum Kyoto? Collaboration! SURFnet Global connectivity IPv6 Security DNSSEC


SLIDE 1

How we Collaborate and Share

Wim Biemolt SURFcert – November 14th, 2012

FIRST TC, Kyoto

SLIDE 2

Oudemirdum

SLIDE 3

Kyoto?

SLIDE 4

Collaboration!

SLIDE 5

SURFnet

SLIDE 6

Global connectivity

SLIDE 7

IPv6

SLIDE 8

Security

SLIDE 9

DNSSEC

http://www.internetsociety.org/deploy360/blog/2012/10/excellent-whitepapertutorial-from-surfnet-on-deploying-dnssec-validating-dns-servers/

SLIDE 10

SURFcert IDS

SLIDE 11

Changing threats

SLIDE 12

SpamPot

SLIDE 13

Fantastic!

SLIDE 14

However …

SLIDE 15

Packet love

SLIDE 16

SNMP

SLIDE 17

Secret

SLIDE 18

DNS

[Diagram labels: Amsterdam, Nijmegen, Amsterdam, "nweer", service LAN]

SLIDE 19

What is happening?

SLIDE 20

Abuse

SLIDE 21

Partners in crime

SLIDE 22

Report the crime

SLIDE 23

Very useful

SLIDE 24

Measures

SLIDE 25

TMS

SLIDE 26

SURFcert

SLIDE 27

Party!

SLIDE 28

How?


SLIDE 29

netflow

SLIDE 30

AIRT

SLIDE 31

Incidents

Category      2010    2011    2012 (H1)
Infected      2531    6373    1948
Probe           36      41       9
Spam          2597    1379     360
Content          6       6       6
Abusive          1      19       4
Denial         807     244     106
Vulnerable    1285     997     510
Total         7263    9059    2943

SLIDE 32

Good job!

SLIDE 33

NAT

SLIDE 34

Is that everything?

SLIDE 35

Hlux/Kelihos Botnet

[Chart: # unique IP addresses per hour (y-axis 500 to 2500), x-axis 6/11/2011 00:00 to 6/9/2012 00:00]

SLIDE 36

IPv4 Heatmap

September 2012 October 2012

SLIDE 37

Google maps

September 2012 October 2012

SLIDE 38

Region

2012

SLIDE 39

Slow decline

SLIDE 40

Abuse Information Exchange

SLIDE 41

2nd Hlux/Kelihos Botnet

SLIDE 42

Status

SLIDE 43

Zeus

SLIDE 44

Busy!

SLIDE 45

IP spoofing allowed?

SLIDE 46

Warning by executable

SLIDE 47

Favor?

SLIDE 48

Together strong

SLIDE 49

SCIRT

SLIDE 50

Goals

SLIDE 51

Focus

  • Software audits
  • Risk management
  • Juridical questions
  • Virtualization
  • Wifi
  • Malware analysis
  • IPv6 security
  • Forensics
  • Honeypot & IDS/IPS
  • Phishing

SLIDE 52

MoU & TLP

SLIDE 53

Press

SLIDE 54

Dorifel

SLIDE 55

Zeroaccess

SLIDE 56

Dutch national cooperation (o-IRT-o)

Since 2002

SLIDE 57

Sinowal

SLIDE 58

DNSSEC (again)

SLIDE 59

You have them

SLIDE 60

We have them

SLIDE 61

TF-CSIRT

SLIDE 62

CSIRT Training

SLIDE 63

Trusted Introducer

  • Lists teams
  • Accredits teams
  • Certifies teams
  • Trusted security services.
SLIDE 64

Around the world

SLIDE 65

FIRST

SLIDE 66

FIRST TC

SLIDE 67

Share!

SLIDE 68

Clearing houses

SLIDE 69

Conclusion

SLIDE 70
SLIDE 71


Wim.Biemolt[at]surfnet.nl
wimbie
www.surfnet.nl
+31 30 2 305 305

Creative Commons “Attribution” license: http://creativecommons.org/licenses/by/3.0/