[WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project

["Ryan Barnett" <rcbarnett@xxxxxxxxx>]

------=_Part_47877_27612545.1168723813264
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Happy New Year Everyone!
Seeing as this project deals directly with capturing current web attacks, I
thought that you all would be interested.  We are looking for people who
would be willing to deploy a specially configured VMware honeypot sensor as
part of our project.  We are looking for many diverse networks for
deployment - home users, commercial, acedemic, ISP, etc...

Please review the updated webpages on the WASC website -
http://www.webappsec.org/projects/honeypots/
http://www.webappsec.org/projects/honeypots/faq.shtml
http://honeypots.sourceforge.net/WASC_Project_Proxy_Honeypot_Final.doc

We have completed internal testing of the architecture and are ready to
widen the scope of participation to include more sensors.  I have updated
the VMware honeypot host image so that it includes ModSecurity 2.0 and also
uses the ModSecurity Core Rule Set for detection/prevention of web attacks.
Since we are using ModSecurity, the Core Rules and the ModSecurity Console,
I suggest that you review the documentation at the ModSecurity website (
http://www.modsecurity.org/projects/index.html) if you are unfamiliar with
these applications.

If you would like to participate in this project, please contact me directly
for Registration.  I will need the following information -

1) Your name
2) The email address you would like to use for WASC to contact you with any
issues/updates
3) The internet accessible IP address that you plan to use for the honeypot
4 ) The Geo Location of your honeypot (Country/State/Province/City)
5) Network Block Owner.

With this information, I will then create a Sensor profile in the
centralized logging host (running the ModSecurity Console).  Once your
account is created, I will send you back an email with the following
information -

1) The URL link to download the VMware honeypot image.
2) The root password for the image.
3) The username/password credentials that you will need to use with the
ModSecurity logc program.  Without these credentials, you will not be able
to submit your logs to the central host.
4) Steps for updating the image which include - setting the timezone info,
verifying NTP is running, verifying DHCP worked, starting Apache, editing
the logc.conf file, etc...

Thanks.
-- 
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

------=_Part_47877_27612545.1168723813264
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div>Happy New Year Everyone!</div>
<div>Seeing as this project deals directly with capturing current web attacks, I thought that you all would be interested.&nbsp; We are looking for people who would be willing to deploy a specially configured VMware honeypot sensor as part of our project.&nbsp; We are looking for&nbsp;many diverse networks for deployment - home users, commercial, acedemic, ISP, etc... 
</div>
<div>&nbsp;</div>
<div>Please review the updated webpages on the <span name="st">WASC</span> website -</div>
<div><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.webappsec.org/projects/honeypots/"; target="_blank">http://www.webappsec.org/projects/honeypots/</a></div>
<div><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.webappsec.org/projects/honeypots/faq.shtml"; target="_blank">http://www.webappsec.org/projects/honeypots/faq.shtml</a></div>
<div><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://honeypots.sourceforge.net/WASC_Project_Proxy_Honeypot_Final.doc"; target="_blank">http://honeypots.sourceforge.net/WASC_Project_Proxy_Honeypot_Final.doc
</a></div>
<div>&nbsp;</div>
<div>We have completed internal testing of the architecture and are ready to widen the scope of participation to include more sensors.&nbsp; I have updated the VMware honeypot host image so that it includes ModSecurity 2.0 and also uses the ModSecurity Core Rule Set for detection/prevention of web attacks.&nbsp; Since we are using ModSecurity, the Core Rules and the ModSecurity Console, I suggest that you review the documentation at the ModSecurity website ( 
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.modsecurity.org/projects/index.html"; target="_blank">http://www.modsecurity.org/projects/index.html</a>) if you are unfamiliar with these applications.
</div>
<div>&nbsp;</div>
<div>If you would like to participate in this project, please contact me directly for Registration.&nbsp; I will need&nbsp;the following information - </div>
<div>&nbsp;</div>
<div>1) Your name</div>
<div>2) The email address you would like to use for&nbsp;WASC to contact you with any issues/updates</div>
<div>3) The internet accessible IP address that you plan to use for the honeypot</div>
<div>4 ) The Geo Location of your honeypot (Country/State/Province/City)</div>
<div>5) Network Block Owner.</div>
<div>&nbsp;</div>
<div>With this information, I will then create a Sensor profile in the centralized logging host (running the ModSecurity Console).&nbsp; Once your account is created, I will send you back an email with the following information - 
</div>
<div>&nbsp;</div>
<div>1) The URL link to download the VMware honeypot image.</div>
<div>2) The root password for the image.</div>
<div>3) The username/password credentials that you will need to use with the ModSecurity logc program.&nbsp; Without these credentials, you will not be able to submit your logs to the central host.</div>
<div>4) Steps for updating the image which include - setting the timezone info, verifying NTP is running, verifying DHCP worked, starting Apache, editing the logc.conf file, etc...<br clear="all"></div>
<div>&nbsp;</div>
<div>Thanks.<br>-- <br>Ryan C. Barnett<br>Breach Security: Director of Application Security Training<br>Web Application Security Consortium (WASC) Member<br>CIS Apache Benchmark Project Lead<br>SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
<br>Author: Preventing Web Attacks with Apache </div>

------=_Part_47877_27612545.1168723813264--