[Dshield] Code Red Data Collection.

Johannes B. Ullrich jullrich at euclidian.com
Wed Aug 1 23:46:32 GMT 2001


Thinking about that... For now, you can send your http log snippets to
codered at dshield.org .

On Wed, 1 Aug 2001, Joseph Shraibman wrote:

> Perhaps a cgi could be created that would send a mail to dshield every
> time someone tried to access default.ida?
>
> Johannes B. Ullrich wrote:
>
> > Ok. I try to kick up ISP notification for this beast 'up a notch'.
> > As in this case, regular web server access logs make a great IDS,
> > I set up a special DShield import system for them.
> >
> > If you mail relevant log lines to 'redalert at dshield.org' they will
> > be processed by this separate system. The idea is to come up with
> > a list of IPs and notify ISPs/hosting providers of it once a day
> > or so.
> >
> > Please indicate in the subject line what kind of web server was
> > used to collect the log.
> >
> > Here is the one-line Unix shell script to submit logs:
> >
> > grep 'default.ida?NNNNN' *access_log | mail -s 'APACHE' redalert at dshield.org
> >
> > Please spread the word ;-)
> >
> >   Johannes.
> >
> >
> >
>
>
>

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
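
Added example, not part of the original messages or of DShield's import system: the thread's idea of turning web server access logs into a per-source list of default.ida probes, as a shell function. It assumes Apache Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise default.ida probes in an Apache access log by source IP.
# Assumption: Common/Combined Log Format, where field 1 is the client IP,
# field 4 is "[timestamp" and the request line is the first quoted string.

codered_sources() {
    # Reads log lines on stdin; prints "hits ip first_seen last_seen",
    # busiest source first.
    awk '
        {
            # Split on double quotes: q[2] is the request line.
            n = split($0, q, "\"")
            if (n < 3) next
            split(q[2], req, " ")
            # index() is a literal substring match, so the dot and the
            # question mark are not treated as regex metacharacters.
            # req[2] is the request target and must start with the probe path.
            if (index(req[2], "/default.ida?") != 1) next
            ip = $1
            ts = substr($4, 2)          # drop the leading "["
            if (!(ip in hits)) first[ip] = ts
            last[ip] = ts
            hits[ip]++
        }
        END {
            for (ip in hits) print hits[ip], ip, first[ip], last[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Aug/2001:10:00:01 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 205
198.51.100.7 - - [01/Aug/2001:10:02:13 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [01/Aug/2001:11:15:40 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 205
203.0.113.5 - - [01/Aug/2001:12:30:00 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 205
198.51.100.7 - - [01/Aug/2001:12:31:00 +0000] "GET /docs/default.ida.txt HTTP/1.0" 200 88
EOF
}

sample_log | codered_sources
```

The last sample line shows why the match is anchored to the start of the request target: a file that merely contains "default.ida" in its name is not counted.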




