[Dshield] HTTP logging using Netcat

Jos Geluk j-No-Spam-geluk at wanadoo.nl
Mon May 6 21:24:34 GMT 2002


I would like to analyze the HTTP requests sent to the IP address of my 
firewall. To do so, I have the firewall route packets with target port 
80 to a host in my internal network, which runs Netcat. Netcat does 
nothing but write the incoming requests to a logfile, which makes for 
amusing reading.
Questions:
1. Is this a good idea, or is there any risk that I may overlook?
2. Rather than install an intrusion detection package, I would like to 
compare my log file to a list of attack signatures. Some of you people 
can tell a Nimda from a Code Red just from the GET requests, how do I 
get that clever?

Thanks,

Jos.
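
Added example (not part of the original post): one way to do the comparison asked about in question 2, matching the request lines in a Netcat capture against a short signature list. The patterns follow the widely documented request shapes of Code Red (/default.ida? padded with N), Code Red II (same path padded with X) and Nimda (cmd.exe or root.exe called with ?/c+); the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# (label, pattern) pairs, checked in order against the request target.
SIGNATURES = [
    ("Code Red",    re.compile(r"^/default\.ida\?N{20,}")),
    ("Code Red II", re.compile(r"^/default\.ida\?X{20,}")),
    ("Nimda",       re.compile(r"/(cmd|root)\.exe\?/c\+", re.I)),
]

# A request line is "METHOD target [HTTP/x.y]"; header lines do not match.
REQUEST_LINE = re.compile(
    r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) (\S+)(?: HTTP/\d\.\d)?\s*$"
)

def classify(target):
    """Return the label of the first signature matching the target."""
    for label, pattern in SIGNATURES:
        if pattern.search(target):
            return label
    return "unmatched"

def scan(log_text):
    """Yield (label, target) for every request line found in a raw capture."""
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line)
        if m:
            yield classify(m.group(2)), m.group(2)

def summarize(log_text):
    """Count requests per label."""
    return Counter(label for label, _ in scan(log_text))

# Constructed sample capture: requests appended back to back, as Netcat
# writes them. Padding lengths and hosts are made up.
SAMPLE_LOG = (
    "GET /default.ida?" + "N" * 224 + "=a HTTP/1.0\r\nContent-type: text/xml\r\n\r\n"
    "GET /default.ida?" + "X" * 224 + "=a HTTP/1.0\r\n\r\n"
    "GET /scripts/root.exe?/c+dir HTTP/1.0\r\nHost: www\r\n\r\n"
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n\r\n"
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    # For a real capture, read it with open(path, errors="replace") because
    # worm requests can carry bytes that are not valid text.
    for label, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {label}")
```

Requests that land in "unmatched" are the ones worth reading by hand; new patterns found there can be appended to SIGNATURES.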



