[Dshield] Crossing the Line (was: SQLSnake)

Ed Truitt ed.truitt at etee2k.net
Thu Jul 11 02:04:01 GMT 2002


I haven't seen a program that will parse the syslog entries from LaBrea;
however, I strongly recommend the LaBrea::Tarpit Perl module from
www.bizsystems.net/downloads - not only does it include a program to forward
LaBrea output to DShield, but it also includes modules to set up real-time
displays of the tarpit (see
http://osiris.etee2k.net/cgi-bin/tarpit/paged_report.plx for an example)
which allows you to track what is going on using any web browser (which is,
by the way, how I discovered the unleashing of SQLsnake - I was showing off
LaBrea to some of my co-workers when the first wave of probes hit.)

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."


----- Original Message -----
From: "John Hardin" <johnh at aproposretail.com>
To: "DShield mailing list" <list at dshield.org>
Sent: Wednesday, July 10, 2002 4:54 PM
Subject: Re: [Dshield] Crossing the Line (was: SQLSnake)


> On Wed, 2002-07-10 at 13:05, Johannes Ullrich wrote:
> >
> > LaBrea is a great
> > tool to do this (with DShield reporting of course).
>
> Will Dshield parse the syslog entries that LaBrea generates? e.g.:
[snip]



