[Dshield] Code Red Data Collection.
Johannes B. Ullrich
jullrich at euclidian.com
Wed Aug 1 23:46:32 GMT 2001
Thinking about that... For now, you can send your http log snippets to
codered at dshield.org .
On Wed, 1 Aug 2001, Joseph Shraibman wrote:
> Perhaps a cgi could be created that would send a mail to dshield every
> time someone tried to access default.ida?
> Johannes B. Ullrich wrote:
> > Ok. I try to kick up ISP notification for this beast 'up a notch'.
> > As in this case, regular web server access logs make a great IDS,
> > I set up a special DShield import system for them.
> > If you mail relevant log lines to 'redalert at dshield.org' they will
> > be processed by this separate system. The idea is to come up with
> > a list of IPs and notify ISPs/hosting providers of it once a day
> > or so.
> > Please indicate in the subject line what kind of web server was
> > used to collect the log.
> > Here is the one-line Unix shell script to submit logs:
> > grep 'default.ida?NNNNN' *access_log | mail -s 'APACHE' redalert at dshield.org
> > Please spread the word ;-)
> > Johannes.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
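
The step the thread describes, turning matching access-log lines into a list of source IPs, shown as an added example that is not part of the original messages or of DShield's import system. It assumes Apache common/combined log format; the function names and the sample log lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise default.ida?NNNNN probes per source IP.
# Assumes Apache common/combined log format on stdin:
#   host ident user [date tz] "METHOD path proto" status bytes
# Output: "<hits> <source_ip> <first_seen> <last_seen>", busiest source first.

codered_sources() {
    awk '
    # $7 is the request path; same pattern as the grep in the thread,
    # but anchored to the start of the path.
    $7 ~ /^\/default\.ida\?NNNNN/ {
        ts = substr($4, 2)                 # drop the leading "["
        if (!($1 in hits)) first[$1] = ts  # remember first sighting
        hits[$1]++
        last[$1] = ts                      # logs are in time order
    }
    END {
        for (ip in hits)
            printf "%d %s %s %s\n", hits[ip], ip, first[ip], last[ip]
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (not real traffic): two probing hosts, one of
# them seen twice, plus two unrelated requests that must not match.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Aug/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.23 - - [01/Aug/2001:10:02:17 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 205
203.0.113.5 - - [01/Aug/2001:10:05:40 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 205
198.51.100.23 - - [01/Aug/2001:11:31:02 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 205
192.0.2.10 - - [01/Aug/2001:11:40:00 +0000] "GET /docs/default.ida.txt HTTP/1.0" 200 512
EOF
}

# Demo run on the constructed sample.
# On a real server: cat *access_log | codered_sources
sample_log | codered_sources
```

Concatenating the logs with `cat` rather than grepping `*access_log` directly keeps grep's `filename:` prefix out of the first field, so the address column stays clean.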