[Dshield] scans for certain PHP files

Johannes Ullrich jullrich at sans.org
Thu May 8 21:05:47 GMT 2008


I am working on a "DShield for Web Server Logs". Actually... if you
happen to be in Toronto next week, I will talk about it during an
OWASP evening talk.
I hope to have it all set up and running by SANSFIRE at the latest (I hope
everybody is coming ;-) ).

There are a few challenges for collecting web logs, mainly privacy  
related. I think I sort of got them worked out now and hope to move  
ahead with the current design shortly.


On May 8, 2008, at 3:43 PM, Jon Kibler wrote:

> Rick Leir wrote:
>
>>
>> Last year I suggested a DShield-like system for web server logs.
>>
>> Maybe I should be using fail2ban.org or similar. Has anyone tried  
>> fail2ban?
>
> Rick,
>
> I seem to remember the discussion of a 'DShield for web server logs'.
> Given the current climate, I think that would be MUCH more valuable than
> the current DShield firewall logs! (How about it Johannes & company?
> What would it take to get you guys to support this?)
>
> Also, I would be interested in experiences with fail2ban and similar
> tools. Especially something that would run in both Solaris and Linux
> environments.
>
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
