My next class:

Analyzing isc.sans.org weblogs, part 2, RFI attacks

Published: 2010-01-29. Last Updated: 2010-01-29 04:30:13 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

The 2nd part of the "Weathering the Storm" blog series is now live [1]. In this series, I am looking at our web logs from isc.sans.org for attacks.

I picked Remote File Inclusion (RFI) attacks because we are getting thousands a day. Just take a quick look at our web honeypot project [2]. Most of the attacks we detect are RFI attacks.

[1] http://blogs.sans.org/appsecstreetfighter/2010/01/29/weathering-the-storm-part-2-a-day-of-weblogs-at-the-internet-storm-center/
[2] http://isc.sans.org/weblogs/

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: logs php rfi webattacks
0 comment(s)
My next class:

Comments


Diary Archives