[Dshield] scans for certain PHP files
jullrich at sans.org
Thu May 8 21:05:47 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
I am working on a "DShield for Web Server Logs". Actually... if you
happen to be in Toronto next week, I will talk about it during an
OWASP evening talk.
I hope to have it all setup and running the latest by SANSFIRE (I hope
everybody is coming ;-) ).
There are a few challenges for collecting web logs, mainly privacy
related. I think I sort of got them worked out now and hope to move
ahead with the current design shortly.
On May 8, 2008, at 3:43 PM, Jon Kibler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Rick Leir wrote:
>> Last year I suggested a dshield like system for web server logs.
>> Maybe I should be using fail2ban.org or similar. Has anyone tried
> I seem to remember the discussion of a 'DShield for web server logs'.
> Given the current climate, I think that would be MUCH more valuable
> the current DShield firewall logs! (How about it Johannes & company?
> What would it take to get you guys to support this?)
> Also, I would be interested in experiences with fail2ban and similar
> tools. Especially something that would run in both Solaris and Linux
> Jon Kibler
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Filtered by: TRUSTEM.COM's Email Filtering Service
> No Spam. No Viruses. Just Good Clean Email.
> SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze
> up north if you can be in New Orleans. http://www.sans.org/info/15826
SANSFIRE 2008 - Washington DC; 42 courses, July 22-31; www.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
More information about the list