[Dshieldannounce] Code Red Data Collection.
Johannes B. Ullrich
jullrich at euclidian.com
Fri Jul 20 13:34:48 UTC 2001
Ok. I try to kick up ISP notification for this beast 'up a notch'.
As in this case, regular web server access logs make a great IDS,
I setup a special DShield import system for them.
If you mail relevant log lines to 'redalert at dshield.org' they will
be processed by this separate system. The idea is to come up with
a list of IPs and notify ISPs/hosting providers of it once a day
Please indicate in the subject line what kind of web server was
used to collect the log.
Here the one line Unix shell script to submit logs:
grep 'default.ida?NNNNN' *access_log | mail -s 'APACHE' redalert at dshield.org
Please spread the word ;-)
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
More information about the Dshieldannounce