Thread-topic: [WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project
> -----Original Message-----
> From: Ryan Barnett [mailto:rcbarnett@xxxxxxxxx]
> Sent: Sunday, January 14, 2007 12:30 AM
> To: Web Security
> Subject: [WEB SECURITY] Call for Participation - WASC
> Distributed Open Proxy Honeypot Project
>
> Happy New Year Everyone!
> Seeing as this project deals directly with capturing current
> web attacks, I thought that you all would be interested. We
> are looking for people who would be willing to deploy a
> specially configured VMware honeypot sensor as part of our
> project. We are looking for many diverse networks for
> deployment - home users, commercial, acedemic, ISP, etc...
>
> Please review the updated webpages on the WASC website -
>
>
>
> inal.doc
>
> We have completed internal testing of the architecture and
> are ready to widen the scope of participation to include more
> sensors. I have updated the VMware honeypot host image so
> that it includes ModSecurity 2.0 and also uses the
> ModSecurity Core Rule Set for detection/prevention of web
> attacks. Since we are using ModSecurity, the Core Rules and
> the ModSecurity Console, I suggest that you review the
> documentation at the ModSecurity website (
> ) if you are
> unfamiliar with these applications.
>
> If you would like to participate in this project, please
> contact me directly for Registration. I will need the
> following information -
>
> 1) Your name
> 2) The email address you would like to use for WASC to
> contact you with any issues/updates
> 3) The internet accessible IP address that you plan to use
> for the honeypot
> 4 ) The Geo Location of your honeypot (Country/State/Province/City)
> 5) Network Block Owner.
>
> With this information, I will then create a Sensor profile in
> the centralized logging host (running the ModSecurity
> Console). Once your account is created, I will send you back
> an email with the following information -
>
> 1) The URL link to download the VMware honeypot image.
> 2) The root password for the image.
> 3) The username/password credentials that you will need to
> use with the ModSecurity logc program. Without these
> credentials, you will not be able to submit your logs to the
> central host.
> 4) Steps for updating the image which include - setting the
> timezone info, verifying NTP is running, verifying DHCP
> worked, starting Apache, editing the logc.conf file, etc...
>
>
> Thanks.
> --
> Ryan C. Barnett
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
