[Wasc-honeypots] New Honeypot Option

Ryan Barnett rcbarnett at gmail.com
Fri Nov 30 08:45:30 EST 2012


Greetings everyone,
Wanted to update you all that I have posted some new configs out to the
OWASP ModSecurity CRS repo that make it easy to turn existing web servers
into pseudo-honeypot sensors -
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/util/honeypo
t_sensor

The idea is pretty simple ­ if you are already running ModSecurity on a
production Apache web server with the OWASP CRS, then you can add these
configs in.  They will have Apache listen on additional ports (8000. 8080
and 8888) and listen for traffic.  If anything is received, then the CRS
rules are applied and all traffic is logged and forwarded to our central
WASC logging host using mlogc.

If anyone wants to test this out let me know.  I would love to get more
sensors online.

Cheers,
Ryan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-honeypots_lists.webappsec.org/attachments/20121130/c7a17ebf/attachment-0003.html>


More information about the wasc-honeypots mailing list