Hello, I just wanted to share something that I concocted while writing my Master's thesis (which was supervised by the author of SEC, Risto Vaarandi). It is essentially a ruleset which can be used as a log-based IPS, along with a framework around it which should help anyone choose and implement the system components. The rules can be applied on a logging server to identify common exploit patterns and ideally block the attacks in real time (I personally use bash scripts over SSH to enter the extracted IP into an iptables firewall).
All the relevant information can be found in the following GitHub repository: https://github.com/markuskont/SagittariuSEC

While the ruleset was written to suit my needs, the project has been intended to be open-source from the start. So hopefully you will find the work useful.

Regards,
Markus

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
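The "bash script over SSH into iptables" step the post mentions, as an added example that is not part of SagittariuSEC or of this post: a POSIX shell action script that SEC could hand the extracted IP to (SEC's `shellcmd` action passes captured fields as arguments; the post does not show how the author wires it). The firewall host name `firewall`, key-based SSH for the calling user, and a plain `iptables -I INPUT ... -j DROP` rule are all assumptions of this example. The point it adds is the check a practitioner wants in front of any log-driven firewall change: the captured field must be proven to be an IP address before it is spliced into a remote command line, and addresses that would lock the logging server out of its own firewall are refused.

```shell
#!/bin/sh
# Added example, not part of SagittariuSEC or SEC: an action script that a
# SEC rule can call with the IP it extracted from a log line, pushing a DROP
# rule to a separate firewall host over SSH.
# Assumptions (hypothetical): the firewall answers as $FW_HOST with key-based
# SSH, the SSH user may run iptables, and a DROP in the INPUT chain is wanted.

FW_HOST="${FW_HOST:-firewall}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the remote command instead of running it

# valid_ipv4 IP: exit 0 only for a dotted quad whose four octets are 0-255.
# This is the security boundary: whatever the rule's regex captured is about
# to become part of a shell command line executed on the firewall.
valid_ipv4() {
  ip=$1
  printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  for oct in "$@"; do
    [ "$oct" -le 255 ] || return 1
  done
  return 0
}

# safe_to_block IP: exit 1 for loopback, RFC 1918 and link-local ranges, so a
# spoofed or misparsed source can never cut the logging server off from the
# firewall it administers.
safe_to_block() {
  case "$1" in
    127.*|10.*|192.168.*|169.254.*) return 1 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
  esac
  return 0
}

# iptables_cmd IP: the exact command that will be executed on the firewall.
iptables_cmd() {
  printf 'iptables -I INPUT -s %s -j DROP' "$1"
}

# block_ip IP: validate, then push the rule (or echo it when DRY_RUN=1).
# Exit status 2 = malformed input, 3 = refused internal address.
block_ip() {
  target=$1
  valid_ipv4 "$target" || { echo "refusing malformed address: $target" >&2; return 2; }
  safe_to_block "$target" || { echo "refusing internal address: $target" >&2; return 3; }
  if [ "$DRY_RUN" = 1 ]; then
    echo "ssh $FW_HOST $(iptables_cmd "$target")"
  else
    # BatchMode keeps a missing key from hanging SEC on a password prompt.
    ssh -o BatchMode=yes "$FW_HOST" "$(iptables_cmd "$target")"
  fi
}

# When run as a script, the first argument is the address SEC extracted,
# e.g. from a rule's  action=shellcmd /usr/local/bin/block-ip.sh $1  (assumed wiring).
if [ "$#" -ge 1 ]; then
  block_ip "$1"
fi
```

Try it with `DRY_RUN=1 sh block-ip.sh 203.0.113.7` before pointing it at a real firewall; an input such as `203.0.113.7; reboot` is rejected with status 2 rather than reaching `ssh`, which is the whole reason the validation happens in this script and not only in the SEC regex.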