[WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project
rcbarnett at gmail.com
Sat Jan 13 16:30:13 EST 2007
Happy New Year Everyone!
Seeing as this project deals directly with capturing current web attacks, I
thought that you all would be interested. We are looking for people who
would be willing to deploy a specially configured VMware honeypot sensor as
part of our project. We are looking for many diverse networks for
deployment - home users, commercial, acedemic, ISP, etc...
Please review the updated webpages on the WASC website -
We have completed internal testing of the architecture and are ready to
widen the scope of participation to include more sensors. I have updated
the VMware honeypot host image so that it includes ModSecurity 2.0 and also
uses the ModSecurity Core Rule Set for detection/prevention of web attacks.
Since we are using ModSecurity, the Core Rules and the ModSecurity Console,
I suggest that you review the documentation at the ModSecurity website (
http://www.modsecurity.org/projects/index.html) if you are unfamiliar with
If you would like to participate in this project, please contact me directly
for Registration. I will need the following information -
1) Your name
2) The email address you would like to use for WASC to contact you with any
3) The internet accessible IP address that you plan to use for the honeypot
4 ) The Geo Location of your honeypot (Country/State/Province/City)
5) Network Block Owner.
With this information, I will then create a Sensor profile in the
centralized logging host (running the ModSecurity Console). Once your
account is created, I will send you back an email with the following
1) The URL link to download the VMware honeypot image.
2) The root password for the image.
3) The username/password credentials that you will need to use with the
ModSecurity logc program. Without these credentials, you will not be able
to submit your logs to the central host.
4) Steps for updating the image which include - setting the timezone info,
verifying NTP is running, verifying DHCP worked, starting Apache, editing
the logc.conf file, etc...
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity