Netflix releases home-grown DDoS detectors

Planning on haxing Netflix? Don't plan it on Facebook

Internet Security Threat Report 2014

NetFlix's security team has given the open source treatment to three tools it uses to monitor the internet and gather evidence of planned attacks against its infrastructure.

"Scumblr" and "Sketchy", plus the "Workflowable" tool both rely on, are now on GitHub for any security teams to use.

Scumblr sifts through forums and social media networks in search of discussions of possible hacks or denial of service attacks against an organisation using keywords predefined by an administrator. Sketch takes screenshots and scrapes text from sites.

"Scumblr and Sketchy are helping the Netflix security team keep an eye on potential threats to our environment every day," the pair wrote.

Scumblr includes a set of built-in libraries that allow creating searches for common sites like Google, Facebook, and Twitter. For other sites, it is easy to create plugins to perform targeted searches and return results.

"Once you have Scumblr setup, you can run the searches manually or automatically on a recurring basis."


On paper, the Ruby on Rails Scumblr appears to closely resemble existing open source intelligence tools such as Maltego in that it uses plugins to find and pull together information scattered across the internet.

It also uses Netflix's tidy little triage app "Workflowable", which marks incoming intelligence with labels such as part of a current, possible or concluded investigation.

Admins need not visit any of the websites flagged as possible sources for attacks; Sketchy snapshots those sites to avoid possible compromise should they prove to be malicious.

Other apps did the job but fell over when sites became too content-rich, used SSL, or were saturated with AJAX, Netflix security bods Andy Hoernecke and Scott Behrens wrote.

The tools, which can be downloaded here, here, and here, come with seven libraries ready to peruse services including Facebook, Twitter, and Google.

Netflix is releasing its wares to give back to the open source community under its Open Source Software Initiative which kicked off in 2010

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.