Netflix releases home-grown DDoS detectors
Planning on haxing Netflix? Don't plan it on Facebook
Netflix's security team has given the open source treatment to three tools it uses to monitor the internet and gather evidence of planned attacks against its infrastructure.
"Scumblr" and "Sketchy", plus the "Workflowable" tool both rely on, are now on GitHub for any security teams to use.
Scumblr uses keywords predefined by an administrator to sift through forums and social media networks in search of discussions of possible hacks or denial of service attacks against an organisation. Sketchy takes screenshots and scrapes text from sites.
"Scumblr and Sketchy are helping the Netflix security team keep an eye on potential threats to our environment every day," the pair wrote.
Scumblr includes a set of built-in libraries that allow creating searches for common sites like Google, Facebook, and Twitter. For other sites, it is easy to create plugins to perform targeted searches and return results.
"Once you have Scumblr set up, you can run the searches manually or automatically on a recurring basis."
On paper, the Ruby on Rails Scumblr appears to closely resemble existing open source intelligence tools such as Maltego in that it uses plugins to find and pull together information scattered across the internet.
It also uses Netflix's tidy little triage app "Workflowable", which labels incoming intelligence, for example as part of a current, possible or concluded investigation.
Admins need not visit any of the websites flagged as possible sources for attacks; Sketchy snapshots those sites to avoid possible compromise should they prove to be malicious.
Other apps did the job but fell over when sites became too content-rich, used SSL, or were saturated with AJAX, Netflix security bods Andy Hoernecke and Scott Behrens wrote.
Netflix is releasing its wares to give back to the open source community under its Open Source Software Initiative, which kicked off in 2010.