I wanted to run an idea past the community to see if there would be enough interest in pursing this concept further. Please refer to this project by Arbor Networks - http://www.arbornetworks.com/fingerprint-sharing-alliance.html
This is the key description paragraph - "Attack resolution requires real-time cooperation and coordination between service providers to identify a compromised or infected system as close to the absolute Internet ingress as possible. The community of service providers that are participating in the Fingerprint Sharing Alliance will be sharing cyber attack profiles, or "fingerprints" to stop attacks more quickly and closer to the source. This is the first time worldwide telecommunications companies have been able to share attack profiles automatically, allowing providers to consistently protect one another and their customers from today's distributed threats." What I am interested in doing it creating an automated method for users to submit "fingerprints" of malicious attacks they have seen on their sites so that other ModSecurity users can quickly download those rules and use them to protect their sites. I don't want to dive too deep into the technical details of "how" at this point. What I want to know is the following - 1. Is this something that you would use? 2. Is this something that you would participate in by submitting fingerprints? Please respond to this email thread if you are interested in this concept. If we get a good response, we will proceed with development and work with the community on details. Thanks, Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
