[Dshield] Code Red Data Collection.

Joseph Shraibman jks at selectacast.net
Wed Aug 1 22:33:11 GMT 2001


Perhaps a cgi could be created that would send a mail to dshield every 
time someone tried to access default.ida?

Johannes B. Ullrich wrote:

> Ok. I try to kick up ISP notification for this beast 'up a notch'.
> As in this case, regular web server access logs make a great IDS,
> I set up a special DShield import system for them.
> 
> If you mail relevant log lines to 'redalert at dshield.org' they will
> be processed by this separate system. The idea is to come up with
> a list of IPs and notify ISPs/hosting providers of it once a day
> or so.
> 
> Please indicate in the subject line what kind of web server was
> used to collect the log.
> 
> Here is the one-line Unix shell script to submit logs:
> 
> grep 'default.ida?NNNNN' *access_log | mail -s 'APACHE' redalert at dshield.org
> 
> Please spread the word ;-)
> 
>   Johannes.
> 
> 
> 


-- 
Joseph Shraibman
jks at selectacast.net
Increase signal to noise ratio.  http://www.targabot.com
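
An added example, not part of either message and not DShield's own import code: one way to turn Apache access-log lines into the per-source list of IPs that the quoted message describes, counting default.ida requests and recording first and last sighting. The sample log lines, addresses and the function names summarize and report are constructed for illustration; it assumes the standard Apache common/combined log format read straight from the log file.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Any method requesting /default.ida with a query string.
PROBE_RE = re.compile(r'^[A-Z]+ /default\.ida\?', re.IGNORECASE)

# Constructed sample lines (documentation address ranges, shortened query strings).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2001:22:10:05 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [01/Aug/2001:22:11:40 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [01/Aug/2001:22:31:17 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.99 - - [01/Aug/2001:22:12:58 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [01/Aug/2001:22:14:02 +0000] "GET /docs/default.ida.html HTTP/1.0" 200 512
this line is not in access_log format
""".splitlines()

def summarize(lines):
    """Map each source address to its probe count and first/last timestamps."""
    seen = defaultdict(lambda: {"hits": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1          # malformed line: count it, do not guess
            continue
        host, stamp, request, _status = m.groups()
        if not PROBE_RE.match(request):
            continue              # ordinary traffic, including look-alike paths
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        entry = seen[host]
        entry["hits"] += 1
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(seen), skipped

def report(summary):
    """One tab-separated line per source, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [f"{ip}\t{d['hits']}\t{d['first'].isoformat()}\t{d['last'].isoformat()}"
            for ip, d in rows]

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_LOG)
    print("\n".join(report(summary)))
    print(f"# skipped {skipped} unparseable line(s)")
```

Keeping the timestamps with their UTC offset lets a receiving ISP match each address against its own DHCP or dial-up assignment records.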



