On Thu, Oct 10, 2013 at 10:01 PM, Aaron Bedra <aaron.be...@gmail.com> wrote:
> Thanks Josh!
>
> I implemented it into the backend of my Repsheet project
>
> https://github.com/repsheet/backend/blob/master/src/ofdp.c
>

That's great! Since my initial announcement I've added C&C malware IPs (specifically Zeus and Spyeye) as well as significantly increased the number of open proxies tracked. Let me know if I can be of any help.

Thanks,

--
 - Josh

>
> On Mon, Sep 30, 2013 at 7:49 AM, Josh Amishav-Zlatin <jam...@owasp.org> wrote:
>
>> After years of running WAFs using the Core Rule Set I wanted a way to
>> detect known malicious users before they get a chance to send their
>> attack payloads. Normally, when an attacker sends their payload, the
>> contents of the request are checked via ModSecurity using the Core Rule
>> Set (CRS). The CRS is essentially a large black list which means that
>> the payload either matches or passes. There is no middle ground.
>> Attackers normally perform reconnaissance before they attack which may
>> or may not contain malicious payloads. Ideally we want to stop known
>> malicious attackers as early as possible, i.e. via an IP reputation
>> background check, and not wait for them to send their attack.
>>
>> As a result, I started on the Open Fraud Detection Project (OFDEP)
>> which aims at providing a free community supported API that ModSecurity
>> can query to receive a score indicating the odds that a given user /
>> transaction is bad. The WAF can then make a decision on how to proceed
>> based on the score. At the moment the API is Beta quality and supports
>> IP, email address and username lookups. Query results are currently
>> returned in XML but JSON will be supported shortly. The most common use
>> cases that I tried to cover are:
>>
>> o IP reputation
>> o comment spam
>> o account creation fraud
>>
>> For specific API details see: http://wafsec.com/api.html
>>
>> --
>> - Josh
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
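
The score-based decision described in the quoted announcement, as an added Python example that is not code from OFDP, Repsheet or anyone in this thread. The XML element names, the 0-100 scale, the thresholds and the function names are all assumptions made for illustration; the real response format is documented at the API link above.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies. The element names and the 0-100 scale are
# assumptions for this example, not the real OFDP response schema.
SAMPLE_BAD = "<response><ip>203.0.113.7</ip><score>92</score></response>"
SAMPLE_MID = "<response><ip>192.0.2.10</ip><score>55</score></response>"
SAMPLE_OK = "<response><ip>198.51.100.4</ip><score>3</score></response>"

MAX_REPLY_CHARS = 4096  # a reputation reply should be tiny
BLOCK_AT = 80           # assumed thresholds, tune per site
FLAG_AT = 40


def parse_score(xml_text):
    """Return the score as a float, or None if the reply is unusable."""
    # The reply comes from a third party: cap its size and refuse DTDs so a
    # hostile or broken reply cannot trigger entity expansion in the parser.
    if len(xml_text) > MAX_REPLY_CHARS or "<!DOCTYPE" in xml_text.upper():
        return None
    try:
        root = ET.fromstring(xml_text)
        score = float(root.findtext("score", default="").strip())
    except (ET.ParseError, ValueError):
        return None
    # NaN and out-of-range values fail this comparison and are rejected.
    return score if 0 <= score <= 100 else None


def decide(xml_text, fail_open=True):
    """Map a reputation reply to a WAF action: allow, flag or block."""
    score = parse_score(xml_text)
    if score is None:
        # Lookup failed: choose explicitly between availability and safety.
        return "allow" if fail_open else "block"
    if score >= BLOCK_AT:
        return "block"
    if score >= FLAG_AT:
        return "flag"  # e.g. raise the anomaly score and log, do not drop
    return "allow"


if __name__ == "__main__":
    for reply in (SAMPLE_BAD, SAMPLE_MID, SAMPLE_OK, "<html>502</html>"):
        print(decide(reply))
```

The "flag" tier gives the middle ground that a pure match-or-pass blacklist lacks, and `fail_open` makes the behaviour during a reputation-service outage an explicit choice rather than an accident.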