MackyGA
@149.9.x.x
| Anyone ever heard of these people?
Hi everyone,
Long time reader, first time poster 
I'm a security manager for a small school in Georgia. My full-time job mostly involves helping people with their anti virus software etc.
The other day we received a mail from something called RENISAC. The message included an ip address that they said was infected with a worm. I investigated and sure enough the ip was for a persons laptop that had multiple viruses on it. I'm guessing they were scanned by the computer and got our information that way.
What I'm wondering though is, has anyone else gotten any mail from these people? Has anyone heard of them before? It looks like they work on Internet 2 related stuff, but we're not connected to that. It's strange that we've never been contacted by them before. They look to have been around a while, references going back 2 years or so online.
Any information from people would be great.
Thank you,
Mack |
|
kcazzie
One Of Jerry's Kids
Premium
join:2000-08-13
Morton Grove, IL
 ·AT&T Midwest
| Try Google, I did and even one topic had Internet2: ... Also most of the stuff had to do with indiana. edu ...
---> »www.google.com/search?q=RENISAC&···t=0&sa=N |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to MackyGA
»www.networkworld.com/news/2003/0···l?page=2
Essentials on Internet2
A few fast facts on the Internet2 project:
• The educational and experimental network began in 1996.
• 203 universities participate.
• This group spends at least $100 million annually on the project.
• There are 50 corporate members that have invested more than $30 million since 1996.
• Network upgrade to 10G bit/sec is nearly complete.
• The movie “The Matrix” can be downloaded in 30 seconds, according to Internet2’s land speed record test.
• It takes 25 hours for the same movie to be downloaded over a DSL.
The group also now has the ability to capture and examine each flow across the network. While the ability to examine traffic closely from all universities has raised security and privacy concerns, Corbato says the group is "very careful with this data. We're looking to see what's happening over the network in real-time, what applications are most popular and the average duration of a data flow."
The group also is dedicated to advancing Internet security. In February, Internet2's Research and Education Network Information Sharing Analysis Center (REN-ISAC) joined the Department of Homeland Security's national information sharing and analysis center group.
"REN-ISAC is a higher-education-sponsored center designed to help universities and colleges improve their security," says Mark Bruhn, acting director of REN-ISAC at Indiana University. The program also lets higher education do its part in securing the national cyberinfrastructure, he says.
Indiana University operates REN-ISAC to monitor security threats and events, such as denial-of-service attacks, in real time. The center not only immediately notifies victims and sources,, but it also shares this information with other universities to help them better secure their networks.
REN-ISAC, now that it's part of the national ISAC program, can exchange findings with other centers. When the federal government initially formed the national sharing program, higher education was not included, which was a mistake, as far as the Internet2 people were concerned.
REN-ISAC Research and Education Network-Information Sharing Analysis Center
»www.indiana.edu/~ocmhp/031403/te···ter.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
Psicop
More human than human
Premium
join:2005-12-21
| reply to MackyGA
REN-ISAC:
»www.ren-isac.net/
Linked to Indiana University.
Give them a call and see what's going on but they don't look too clean according to DNS Stuff records.
Good luck |
|
garywk
join:2001-03-06
Clarkston, WA
| said by Psicop  :REN-ISAC: » www.ren-isac.net/Linked to Indiana University. Give them a call and see what's going on but they don't look too clean according to DNS Stuff records. Good luck So, anyone registered with Network Solutions isn't too clean in your estimation?
--
“Here in America we are descended in blood and in spirit from revolutionists and rebels - men and women who dare to dissent from accepted doctrine. As their heirs, may we never confuse honest dissent with disloyal subversion.”
Dwight David Eisenhower |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
| reply to Name Game
Educational read, *no pun* though.
I wonder what/ how they capture packets, and interpret them. By Ethereal on a computer, or is it via a router especially designed for this project ?
If it does come to the general public, what a test bed, the youth of today.
But the one downfall I can see with this; what off people that leave and become a 'black hat', can they guarantee this.
Sorry for this line of thought MackyGA, but you can't help but question how good, how bad such a move will make.
Guess as it's in trial, the general public won't get much till they at least know it's capabilities.
Sounds promising. |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
1 edit | reply to garywk
said by garywk :said by Psicop :REN-ISAC: » www.ren-isac.net/Linked to Indiana University. Give them a call and see what's going on but they don't look too clean according to DNS Stuff records. Good luck So, anyone registered with Network Solutions isn't too clean in your estimation? "Ad laden", sounds more like industrial/ commercial words in competition, rather than facts. |
|
MackyGA
@62.48.x.x
| reply to MackyGA
Thanks everyone.
I guess what I was really wondering is if the mail was some hook to sell something. I called an associate from another school this morning and he said he had received them before and was never asked to buy anything.
My worry was that by responding I would set myself up for being spammed by them. I've had companies try that before. Call to say they know of some problem computer but would tell us, and regularly afterwards, for a fee. Our budget is so small, I have to be careful about that kind of "help".
Thanks again,
Mack |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to norwegian
REN-ISAC is totally legit, they do very good work, and are quietly working very hard to keep the internet clean. I know senior staff there, and there is z-e-r-o worry about black hat crap; I'd trust them with the most sensitive security information I have (I have, as a matter of fact).
They're the good guys.
Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
garywk
join:2001-03-06
Clarkston, WA
| reply to MackyGA
quote:
"Ad laden", sounds more like industrial/ commercial words in competition, rather than facts.
I think you're missing the point. The post I quoted was saying REN-ISAC wasn't too clean because of what DNSStuff said about Network Solutions as a domain registrar.
The only entity having anything negative said about it on that page was Network Solutions. I don't see how Network Solutions not providing very much information upline means REN-ISAC is problematic.
--
“Here in America we are descended in blood and in spirit from revolutionists and rebels - men and women who dare to dissent from accepted doctrine. As their heirs, may we never confuse honest dissent with disloyal subversion.”
Dwight David Eisenhower |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
|
No I wasn't missing the point gary, I understood exactly what was being said, sorry you think what I said suggested otherwise.
Any study and improvement of the internet has to be a positive thing. I am keen to hear that something is in trial out there.
Whether speed is the issue here, or the understanding of the packets and the (maybe) security gains, or both, does have nothing to do with it's origins, nor it's maker.
The plusses of these are what we are after, and look forward to learning more even as a home user.
You boys can't have all the fun. |
|
Psicop
More human than human
Premium
join:2005-12-21
| reply to garywk
Well I said what I said because I thought that if you get associated with someone whose business practices are let's say "unclear" then there must be something wrong with you.
As this is not the case it's all good then. No dramas.
Cheers.
|
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| said by Psicop :Well I said what I said because I thought that if you get associated with someone whose business practices are let's say "unclear" then there must be something wrong with you. As this is not the case it's all good then. No dramas. Cheers. There is nothing unclear  except the way you used dnsstuff 
»www.dnsstuff.com/tools/ptr.ch?ip···79.78.96
»www.dnsstuff.com/tools/whois.ch?···79.78.96
»www.dnsreport.com/tools/dnsrepor···isac.net
ren-isac at iu dot edu uses 129.79.78.96 as an IP address and is located in Bloomington, IN, US
»ws.arin.net/cgi-bin/whois.pl?que···79.78.96
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to norwegian
said by norwegian :Educational read, *no pun* though. I wonder what/ how they capture packets, and interpret them. By Ethereal on a computer, or is it via a router especially designed for this project ? If it does come to the general public, what a test bed, the youth of today. But the one downfall I can see with this; what off people that leave and become a 'black hat', can they guarantee this. Sorry for this line of thought MackyGA, but you can't help but question how good, how bad such a move will make. Guess as it's in trial, the general public won't get much till they at least know it's capabilities. Sounds promising. This might give you an idea of "how" they do it...and some of the things they have done in the past to help control worms and other bad boys..
@MackyGA
REN-ISAC is not after your money..can you tell us what kind of "multiple virus" you found on that laptop by name?
»www.google.com/search?hl=en&lr=&···G=Search
REN-ISAC W32/Blaster debrief as of 2000 GMT Fri Aug 15 2003
The REN-ISAC[1] and the IU Advanced Network Management Lab (ANML[2]) are continuing to perform analysis of Abilene NetFlow data to characterize W32/Blaster activity. A sample during the period 1200-1500 GMT Thursday August 14 was used to identify top network AS sources of port 135 scans on Abilene. Within the top-twenty list, six AS were repeats from the August 14 top twenty. E-mail notifications were sent to the network contacts, including 18 U.S. universities, and 2 U.S. GigaPoP/aggregates.
»listserv.educause.edu/cgi-bin/wa···&P=11463
»ren-isac.net/monitoring.cgi
Abilene NetFlow data
»www.google.com/search?hl=en&lr=&···G=Search
The Abilene Observatory
»abilene.internet2.edu/observator···ess.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
