[Dshield] Web honeypot project
John Hardin
jhardin at impsec.org
Wed Feb 18 18:41:08 GMT 2009
On Tue, 17 Feb 2009, CunningPike wrote:
> On Tue, 2009-02-17 at 10:43 -0800, John Hardin wrote:
>> On Tue, 17 Feb 2009, John Hardin wrote:
>
>> ...and, of course, requests for any FrontPage cruft, or ASP, or
>> ASP.NET, or any of the other SSI stuff I don't support.
>
> There are already snort sigs for the majority of these - perhaps you
> might consider submitting snort logs instead?
...you're assuming I run snort on my production server... :)
And wouldn't snort only log _already known_ attacks and vulnerabilities?
DShield is, among other things, an attempt to detect _new_ attacks in a
timely manner.
Does DShield even accept snort logs?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Look at the people at the top of both efforts. Linus Torvalds is a
university graduate with a CS degree. Bill Gates is a university
dropout who bragged about dumpster-diving and using other peoples'
garbage code as the basis for his code. Maybe that has something to
do with the difference in quality/security between Linux and
Windows. -- anytwofiveelevenis on Y! SCOX
-----------------------------------------------------------------------
4 days until George Washington's 277th Birthday
More information about the Dshield
mailing list