On Fri, Jun 3, 2011 at 5:44 PM, Ryan Barnett <[email protected]> wrote:
> I wanted to run an idea past the community to see if there would be enough > interest in pursing this concept further. Please refer to this project by > Arbor Networks - > http://www.arbornetworks.com/fingerprint-sharing-alliance.html > > This is the key description paragraph - > > "Attack resolution requires real-time cooperation and coordination between > service providers to identify a compromised or infected system as close to > the absolute Internet ingress as possible. The community of service > providers that are participating in the Fingerprint Sharing Alliance will be > sharing cyber attack profiles, or "fingerprints" to stop attacks more > quickly and closer to the source. This is the first time worldwide > telecommunications companies have been able to share attack profiles > automatically, allowing providers to consistently protect one another and > their customers from today's distributed threats." > > What I am interested in doing it creating an automated method for users to > submit "fingerprints" of malicious attacks they have seen on their sites so > that other ModSecurity users can quickly download those rules and use them > to protect their sites. I don't want to dive too deep into the technical > details of "how" at this point. > > What I want to know is the following - > > 1. Is this something that you would use? > Yes . I have some dubt on the possibility of false positive and how to mitigate this risk. > 2. Is this something that you would participate in by submitting > fingerprints? > Yes Thanks very much > > Please respond to this email thread if you are interested in this concept. > If we get a good response, we will proceed with development and work with > the community on details. > > Thanks, > Ryan > > ________________________________ > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
