[Dshield] New Relay Exploit?

Johannes B. Ullrich jullrich at sans.org
Thu Jan 8 03:49:10 GMT 2004


> Johannes:
> 
> Another log feed possibility here?

yes. We are kicking around a feed for Apache logs for a while now.
Haven't gotten around to set it up right yet. It needs a bit more
thought as to how to bin the data by various web based exploits.
There is also more of a privacy issue as unlike with the firewall
logs we get now, this data will have 'payload'. For example, if
you send in your complete error log, there may be information
about who the bad spellers are in your company ;-). Or username/
password if they are passed via GET...




-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040107/b322586e/attachment.bin


More information about the list mailing list