[Dshield] HTTP logging using Netcat
j-No-Spam-geluk at wanadoo.nl
Mon May 6 21:24:34 GMT 2002
I would like to analyze the HTTP requests sent to the IP address of my
firewall. To do so, I have the firewall route packets with target port
80 to a host in my internal network, which runs Netcat. Netcat does
nothing but write the incoming requests to a logfile, which makes for
1. Is this a good idea, or is there any risk that I may overlook?
2. Rather than install an intrusion detection package, I would like to
compare my log file to a list of attack signatures. Some of you people
can tell a Nimda from a Code Red just from the GET requests, how do I
get that clever?
More information about the list