
List:       mod-security-users
Subject:    Re: [mod-security-users] [Owasp-modsecurity-core-rule-set]
From:       yersinia <yersinia.spiros () gmail ! com>
Date:       2011-06-03 15:55:49
Message-ID: BANLkTin2KUkLtJPh4y6gRu3Tex4mWZrdEA () mail ! gmail ! com

On Fri, Jun 3, 2011 at 5:44 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:

> I wanted to run an idea past the community to see if there would be enough
> interest in pursuing this concept further.  Please refer to this project by
> Arbor Networks -
> http://www.arbornetworks.com/fingerprint-sharing-alliance.html
>
> This is the key description paragraph -
>
> "Attack resolution requires real-time cooperation and coordination between
> service providers to identify a compromised or infected system as close to
> the absolute Internet ingress as possible. The community of service
> providers that are participating in the Fingerprint Sharing Alliance will be
> sharing cyber attack profiles, or "fingerprints" to stop attacks more
> quickly and closer to the source. This is the first time worldwide
> telecommunications companies have been able to share attack profiles
> automatically, allowing providers to consistently protect one another and
> their customers from today's distributed threats."
>
> What I am interested in doing is creating an automated method for users to
> submit "fingerprints" of malicious attacks they have seen on their sites so
> that other ModSecurity users can quickly download those rules and use them
> to protect their sites.  I don't want to dive too deep into the technical
> details of "how" at this point.
>
> What I want to know is the following -
>
>  1.  Is this something that you would use?
>
Yes. I have some doubts about the possibility of false positives and how to
mitigate this risk.

>  2.  Is this something that you would participate in by submitting
> fingerprints?
>
Yes

Thanks very much


>
> Please respond to this email thread if you are interested in this concept.
>  If we get a good response, we will proceed with development and work with
> the community on details.
>
>   Thanks,

> Ryan
>
