[Owasp-modsecurity-core-rule-set] Fingerprint Sharing Alliance for ModSecurity Users
yersinia.spiros at gmail.com
Fri Jun 3 11:55:49 EDT 2011
On Fri, Jun 3, 2011 at 5:44 PM, Ryan Barnett <RBarnett at trustwave.com> wrote:
> I wanted to run an idea past the community to see if there would be enough
> interest in pursing this concept further. Please refer to this project by
> Arbor Networks -
> This is the key description paragraph -
> "Attack resolution requires real-time cooperation and coordination between
> service providers to identify a compromised or infected system as close to
> the absolute Internet ingress as possible. The community of service
> providers that are participating in the Fingerprint Sharing Alliance will be
> sharing cyber attack profiles, or "fingerprints" to stop attacks more
> quickly and closer to the source. This is the first time worldwide
> telecommunications companies have been able to share attack profiles
> automatically, allowing providers to consistently protect one another and
> their customers from today's distributed threats."
> What I am interested in doing it creating an automated method for users to
> submit "fingerprints" of malicious attacks they have seen on their sites so
> that other ModSecurity users can quickly download those rules and use them
> to protect their sites. I don't want to dive too deep into the technical
> details of "how" at this point.
> What I want to know is the following -
> 1. Is this something that you would use?
Yes . I have some dubt on the possibility of false positive and how to
mitigate this risk.
> 2. Is this something that you would participate in by submitting
Thanks very much
> Please respond to this email thread if you are interested in this concept.
> If we get a good response, we will proceed with development and work with
> the community on details.
> This transmission may contain information that is privileged, confidential,
> and/or exempt from disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any disclosure, copying,
> distribution, or use of the information contained herein (including any
> reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
> in error, please immediately contact the sender and destroy the material in
> its entirety, whether in electronic or hard copy format.
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set