List: mod-security-users
Subject: Re: [mod-security-users] [Owasp-modsecurity-core-rule-set]
From: yersinia <yersinia.spiros () gmail ! com>
Date: 2011-06-03 15:55:49
Message-ID: BANLkTin2KUkLtJPh4y6gRu3Tex4mWZrdEA () mail ! gmail ! com
On Fri, Jun 3, 2011 at 5:44 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:
> I wanted to run an idea past the community to see if there would be enough
> interest in pursuing this concept further. Please refer to this project by
> Arbor Networks -
> http://www.arbornetworks.com/fingerprint-sharing-alliance.html
>
> This is the key description paragraph -
>
> "Attack resolution requires real-time cooperation and coordination between
> service providers to identify a compromised or infected system as close to
> the absolute Internet ingress as possible. The community of service
> providers that are participating in the Fingerprint Sharing Alliance will be
> sharing cyber attack profiles, or "fingerprints" to stop attacks more
> quickly and closer to the source. This is the first time worldwide
> telecommunications companies have been able to share attack profiles
> automatically, allowing providers to consistently protect one another and
> their customers from today's distributed threats."
>
> What I am interested in doing is creating an automated method for users to
> submit "fingerprints" of malicious attacks they have seen on their sites so
> that other ModSecurity users can quickly download those rules and use them
> to protect their sites. I don't want to dive too deep into the technical
> details of "how" at this point.
>
> What I want to know is the following -
>
> 1. Is this something that you would use?
>
Yes. I have some doubts about the possibility of false positives and how to
mitigate this risk.
> 2. Is this something that you would participate in by submitting
> fingerprints?
>
Yes
Thanks very much
>
> Please respond to this email thread if you are interested in this concept.
> If we get a good response, we will proceed with development and work with
> the community on details.
>
> Thanks,
> Ryan
>