[Dshield] help identify IIS log entry

Mrcorp mrcorp at yahoo.com
Tue Mar 25 20:05:51 GMT 2003

I run 2 different Honeynets on different ISPs with different connections and therefore get logs of
hundreds of different attacks.  I have packet captures in ethereal and SNORT (MYSQL) formats.  I
also have IIS logs up the (you know what).  If there is anything I can do to help get this off the
ground, let me know.  I can also do other spelcific logging on the honeynets upon request.

On my website, I will actually have ethereal packets up for inspection by the readers.  This is
expected to be up this weekend.  If anyone is interested, send me an email off the list and I will
give you the URL.

Thank you,


--- Johannes Ullrich <jullrich at euclidian.com> wrote:
> yes. I think we should do this. I need to get a better signature
> going for it. Anybody got samples for the different exploits/scanners?
> On 25 Mar 2003 09:47:14 -0800
> John Hardin <johnh at aproposretail.com> wrote:
> > Johannes, do we (you, actually :) want to set up a RedAlert-style
> > repository for these log entries?
> -- 
> --------------------------------------------------------------------
> jullrich at euclidian.com             Collaborative Intrusion Detection
>                                          join http://www.dshield.org
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!

More information about the list mailing list