Atomic Secure Linux
All times are UTC - 5 hours [ DST ]
 Post subject: Atomicorp Threat Intelligence system
Posted: Wed Dec 10, 2014 5:52 pm
Atomicorp Staff - Site Admin
As some users may have noticed, we quietly added a new feature to Atomic Secured Linux (ASL), the Atomicorp Threat Intelligence system. Right now the TI is only applied to web events, but we will be rolling the TI into other services as well in the coming months, so the TI will be protecting other services such as mail, FTP, ssh and others. We'll also be adding it into the ASL firewall so you can automatically blacklist IPs in the various TI databases as you see fit.

The TI is a real-time threat intelligence system that uses our web of honeypots and participating ASL systems to track attacks and attackers in real time. It differentiates different kinds of attackers automatically (spammer, brute force attackers, SQLi, etc.) and disseminates this in real time to participating ASL systems. On the back end there's also an analyst system that lets us develop profiles of attackers, track bad guys over a long time, dissect what they are doing and all sorts of other neat things.

The TI includes a number of elements, but at this point the ones most users will be interested in are the DNS RBLs. We've put up a wiki page describing the DNS RBL TI elements and how to use them.

https://www.atomicorp.com/wiki/index.php/Atomicrbl

You can also look up IPs on the lookup page at the URL below:

http://www.atomicrbl.com/lookup/

And a daily report of attacks is available at:

http://www.atomicrbl.com/rep/

What I'd like to bring to users' attention is that the DNS RBL zones are also available via rsync, and we'd like to see users take advantage of that capability. Please see the wiki page for details about how to get access to the zones; they are not open to the public, so you will need to be granted access. Just see that page for details.

If you have any questions about the TI, please post them in the TI forums.

_________________
Michael Shinn
Atomicorp - Security For Everyone