Monthly Archives: May 2006

Log analysis for intrusion detection

I just released the document Log analysis for Intrusion Detection at the ossec web site. It shows how some threats can be detected by correlating specific patterns on web logs, proxy logs and authentication logs. Log analysis is one of …

Posted in log analysis

OSSEC presentation

Ahmet Ozturk, one of the OSSEC developers, spoke about OSSEC (capabilities, architecture and plans) at the 5th Linux and Free Software Festival (Ankara / Turkey). His presentation in English is available below:

http://www.ossec.net/en/manual.html#others
http://www.ossec.net/ossec-docs/ossec-hids_oahmet_eng.pdf

Good work Ahmet!

Posted in ossec

High volume of web (mambo) scans.

Since Thursday night I’m seeing a high volume of scans on different web servers for possibly the following vulns:

http://secunia.com/advisories/14337/
http://www.osvdb.org/displayvuln.php?osvdb_id=10180

However, they say the problem is on function.php and I’m seeing them on index.php. Can anyone confirm that? Some …

Posted in log analysis, ossec