Hi,
Can anyone provide me a list of maybe 5 or more good sources of sites
that would actually provide somewhat up-to-date information on new
compromise sources of attacks, and possibly details as to how to remove them?
I regularly see new sources of attacks, and at times customers get
compromised. I can see the attacks and block them, but finding more
details on what it might be or how to remove it is time-consuming.
Google will from time to time maybe provide some details, but most of
the time more useless details on it from various posts asking for help
more than anything else.
Are there any good sites that are actually keeping decent, somewhat
up-to-date information on these that can be referred to to help
customers, or at a minimum to learn more about new attacks in progress?
Many sites provide more like new malware names and whatnot, but not
really how they go at it or how they are seen on the Internet.
For example, lately there is a bunch of new ones, like attacks to
tcp/5721 or to tcp/18082.
I have plenty of honeypots in place, and log them to syslog, so I can
see them and see new ones as they come up. I can notify customers of
this and ask them to clean it up, etc. But in many cases, I can't
provide more details on it, or offer help as to what it might be, or
how to remove it.
I can only block these until the issue is cleaned up, but it would be
helpful if I could provide more details when possible as to what it
might be. I realize staying on top of this is mostly impossible as it is
constantly changing, but any source that is somewhat up-to-date would be
nice.
Any suggestions are a valid source of it.
SecurityFocus or Bugtraq, etc. They provide information, yes, but not
in a simple manner like "new attack in progress, tcp/xxx or udp/xxx is
coming near you" type of details, and as to what it might be and how it
could maybe be isolated and removed from possibly compromised computers.
Thanks for any clue or details if you know of any.
Each new one really does take a considerable amount of time, sometimes,
to find details on, and having some sources that may be tracking
this might be useful and help speed up the process.
Thanks
Daniel