FYI - http://blog.spiderlabs.com/2012/02/wasc-distributed-web-honeypots-project-update.html
By the way – we have options for adding Apache config updates to your existing Apache/ModSecurity installs that will allow you to participate. Essentially, you can have Apache listen on some new, unused ports (like 8000, 8080 and 8888) and then anything that comes into those ports is considered "honeypot traffic" and the ModSecurity audit log data can be forwarded to the WASC central log hosts by using the SecAuditLog2 directive with a separate mlogc.conf file.

If anyone is interested in participating, please let me know.

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
Email: rbarn...@trustwave.com
www.trustwave.com
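A sketch of the setup this message describes, as an added example that is not part of the original message and not the WASC project's own configuration. The file paths, the `ServerName`, the `DetectionOnly` mode, the audit log parts and the location of the `mlogc` binary are all assumptions; the collector URL and sensor credentials belong in the separate mlogc configuration file and are supplied by the project.

```apache
# Added example (assumed paths and names): honeypot listeners on ports
# that no production site on this host uses.
Listen 8000
Listen 8080
Listen 8888

# Everything arriving on these ports is treated as honeypot traffic.
<VirtualHost *:8000 *:8080 *:8888>
    ServerName honeypot.invalid
    # Empty directory: the honeypot serves no real content.
    DocumentRoot /var/www/honeypot-empty

    # Observe and log only; do not block, so full request data is captured.
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On

    # Log every transaction on these ports, not only the ones that match a rule.
    SecAuditEngine On
    SecAuditLogParts ABIJDEFHZ

    # SecAuditLog2 requires concurrent logging and a primary SecAuditLog
    # defined before it in the same context.
    SecAuditLogType Concurrent
    SecAuditLogStorageDir /var/log/mlogc-honeypot/data

    # Primary index stays local, separate from the production audit log.
    SecAuditLog /var/log/apache2/honeypot_audit_index.log

    # Secondary index is piped to mlogc, which reads its own config file
    # (separate from any mlogc.conf already used for production logging).
    # That file carries the ConsoleURI, SensorUsername and SensorPassword
    # for the central log host, and its LogStorageDir must resolve to the
    # SecAuditLogStorageDir set above.
    SecAuditLog2 "|/usr/local/bin/mlogc /etc/mlogc-honeypot.conf"
</VirtualHost>
```

Because the audit directives sit inside the honeypot virtual host, traffic to the existing sites on ports 80 and 443 keeps its current logging and is not forwarded.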