[Dshield] Code Red Data Collection.
Johannes B. Ullrich
jullrich at euclidian.com
Fri Jul 20 13:33:44 GMT 2001
OK. I am trying to kick ISP notification for this beast 'up a notch'.
As, in this case, regular web server access logs make a great IDS,
I set up a special DShield import system for them.

If you mail relevant log lines to 'redalert at dshield.org' they will
be processed by this separate system. The idea is to come up with
a list of IPs and notify ISPs/hosting providers of it once a day.

Please indicate in the subject line what kind of web server was
used to collect the log.

Here is the one-line Unix shell script to submit logs:
grep 'default.ida?NNNNN' *access_log | mail -s 'APACHE' redalert at dshield.org
Please spread the word ;-)
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
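
Added example, not part of the original post and not DShield's own code: one way to turn the matching access-log lines into the per-source list the message describes. It assumes Apache common/combined log format; the function names and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Summarize 'default.ida?NNNNN' requests per source address.
# Input : access-log lines on stdin (Apache common/combined format assumed).
# Output: "<ip> <hits> <first_seen> <last_seen>", most active source first.
codered_sources() {
    awk '
        # Only requests for default.ida followed by the run of N padding.
        /default\.ida\?NNNNN/ {
            ip = $1
            # grep over several files prefixes "filename:"; an IPv4
            # address has no colon, so drop everything up to the first one.
            sub(/^[^:]*:/, "", ip)
            # Field 4 looks like "[20/Jul/2001:13:01:12"; drop the bracket.
            ts = substr($4, 2)
            if (!(ip in hits)) first[ip] = ts
            hits[ip]++
            last[ip] = ts
        }
        END {
            for (ip in hits) print ip, hits[ip], first[ip], last[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample input: two probing sources, one normal request, one
# request for default.ida without the padding, and one line carrying the
# "filename:" prefix that grep adds when it searches more than one file.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [20/Jul/2001:12:58:03 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [20/Jul/2001:12:59:41 +0000] "GET /index.html HTTP/1.0" 200 1043
www_access_log:203.0.113.5 - - [20/Jul/2001:13:01:12 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [20/Jul/2001:13:02:30 +0000] "GET /default.ida HTTP/1.0" 404 276
192.0.2.10 - - [20/Jul/2001:13:04:50 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
EOF
}

# Stand-alone run: print the summary for the constructed sample.
sample_log | codered_sources
```

On a real server the input would be the access log itself, e.g. `cat *access_log | codered_sources`.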