Established in 2001, the SANS Internet Storm Center (ISC) has become the go-to provider of a free analysis and warning service to thousands of internet users and organizations. This early warning system has led to the discovery of many well-known threats over the years, such as Code Red, Ramen and other worms.
Launched after a group of analysts with intrusion detection expertise worked together to alert some 200,000 people around the globe to the Li0n worm within hours of its discovery, ISC continually reaffirms how sharing intrusion detection information in real time can reduce the impact of broad-based attacks.
These days, ISC gathers millions of intrusion detection log entries every day from sensors covering over 500,000 IP addresses in more than 50 countries. It relies on an all-volunteer effort to detect problems, analyze the threats and disseminate both technical and procedural information to the general public.
During 2005, one of the most complex challenges facing internet users was a DNS cache poisoning problem, which plagued servers across the globe. After getting access to the DNS server at the core of the attack, ISC analysts, known as handlers, were able to uncover a rather complex flaw in a common DNS server and create an alert.
As a free service to the internet community, the ISC is supported by volunteer incident handlers who post their analysis on the Storm Center website. A core group of handlers is overseen by Chief Research Officer Johannes Ullrich, who was named one of SC Magazine's Top 5 Influential IT Security Thinkers for 2005. ISC's work is supported by the SANS Institute from tuition paid by students attending SANS security education programs.