Incidents
Announcing a global view on Internet events: ATLAS Feb 06 2007 04:10PM
Jose Nazario (jose monkey org)
Yesterday, Arbor Networks launched the public portal for our ATLAS
project, a product of my team (ASERT) and something near and dear to my
heart. As an incident and threat analyst, I have cobbled together tools
and utilities for discovering what's afoot on the Internet in near
real-time for years, so a lot of my ideas and needs went into this. ATLAS
is something I use every day to investigate incidents and gather data via
packet capture, payload analysis, and honeypots. You can find the free,
public site here:

http://atlas.arbor.net/

Registration isn't required, that's focusing mainly on commercial
customers. Public users get access to the portal for free, and we plan to
keep it that way.

The goal is to find out information about incidents that we know about and
also to discover what is likely to happen in the near term. An example
would be scans and attacks for a newly disclosed vulnerability.

We built ATLAS using a combination of tools we've built and used in the
past to capture and distill scan traffic, lightweight honeypots for
insights into what's going on, and attack characterizations. As this
project progresses we'll be gathering more information and sharing it with
the community, we hope that you stay tuned.

The public portal is targeted at people with needs similar to my own as an
analyst, and it's designed to give you a simple, high impact view of the
Internet:
- entity reports about countries, ASNs and hosts launching attacks,
distilling their activities into usable data
- vulnerability and attack reports showing you background info and attack
data
- service reports showing you vulnerabilities and attacks, as well as
activity sources
- news and analysis
It's designed to put relevant information on the page in front of you when
you need it most and is inspired by intelligence tools from similar
fields.

We launched it to help the analyst community, and in the coming weeks and
months we'll be adding features such as community forums so that everyone
can participate, more data sources, and more features. We hope you find it
as useful as we have, and welcome your feedback and use of the site.

-- jose (at) arbor (dot) net [email concealed]

________
jose nazario, ph.d. jose (at) monkey (dot) org [email concealed]
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus