Full Disclosure mailing list archives

Monitoring for Sober.Y with Squid and swatch
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Thu, 05 Jan 2006 22:35:21 -0500

Here's an article I just wrote up really quickly on how to monitor for Sober.Y HTTP activity (set to begin at midnight 06-Jan-2006) using the Squid proxy server and swatch.

Example configurations are provided. These are the swatch config entries that I am using for monitoring Squid's access.log files for (some of?) the hosts that Sober.Y is known to utilize and send alerts to my e-mail and company pager.

I took the hosts from SANS' list on ISC. If there are any hosts that I've missed, please do let me know.

The article can be found at http://www.jeremygaddis.com/


Jeremy L. Gaddis, GCWN, Linux+, Network+
LinuxWiz Consulting
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
