
List:       dshield
Subject:    [Dshield] Web Server Attacks to DShield?
From:       David Cary Hart <DavidHart () tqmcube ! com>
Date:       2004-12-18 18:32:38
Message-ID: 1103394758.20232.17.camel () dch ! TQMcube ! com

From my neophyte perspective, perhaps it is time to consider an
additional database and reporting system for server attacks. Even if one
were using various tools to log or reject attacks, this still ends up
being reported to DShield without the substance necessary for a Fight
Back. In fact, I suspect that port 80 reports are generally
disregarded. 

The originating ISP would require the hack detail
("GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-").

It would be fairly simple to parse the logs (I think) or to use snort.

Correct me if I am wrong but would this not be a way to curb the spread
of some viruses at their earliest stage? DShield has certainly
demonstrated that the collective approach is powerful. Maybe even
COMCAST might get the message and clean up their act.
________________________________________________________________________
Total Quality Management - A Commitment to Excellence
http://www.TQMcube.com
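
The log parsing the post suggests, as an added example that is not part of the original message: it reads Apache-style access log lines, percent-decodes each request target until it stops changing, and groups requests containing a directory traversal or cmd.exe by source address, keeping the raw log evidence an originating ISP would need. The sample lines, addresses, timestamps and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/NCSA access log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Signatures taken from the request quoted in the post: traversal and cmd.exe.
SUSPECT = re.compile(r'\.\.[\\/]|cmd\.exe', re.IGNORECASE)

def fully_decode(target, max_rounds=5):
    # Decode repeatedly: %%35%63 becomes %5c, which becomes a backslash.
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def abuse_report(lines):
    # Map each source address to the suspicious requests it sent.
    report = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access log line; skip rather than guess
        host, when, request, status = m.groups()
        parts = request.split(" ")
        target = parts[1] if len(parts) >= 2 else request
        decoded = fully_decode(target)
        if SUSPECT.search(decoded):
            report[host].append({"time": when, "request": request,
                                 "decoded": decoded, "status": int(status)})
    return dict(report)

# Constructed sample: documentation addresses and invented timestamps.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2004:13:02:11 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-"',
    '198.51.100.7 - - [18/Dec/2004:13:02:15 -0500] "GET /files/annual%20report.pdf HTTP/1.1" 200 1043 "-"',
    '192.0.2.10 - - [18/Dec/2004:13:02:19 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-"',
]

if __name__ == "__main__":
    for host, hits in abuse_report(SAMPLE_LOG).items():
        print(f"{host}: {len(hits)} suspicious request(s)")
        for h in hits:
            print(f'  [{h["time"]}] "{h["request"]}" -> {h["status"]}')
```

A single decoding pass would leave `%5c` in the target and miss the traversal, which is why the decode loop runs until the string is stable.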
