[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] consistently pounded
- Subject: Re: [cobalt-security] consistently pounded
- From: Adam Crews <doo@xxxxxxxxxx>
- Date: Tue, 23 May 2000 20:41:39 -0700 (PDT)
This sort of thing is usually handled above the application level. I have
my firewall configured to do this sort of thing, but not for the http
port ( I do it on pop, imap and ssh). It is difficult to determine what
is an attack and what is legitimate traffic.
It shouldnt be too hard to write a little program in perl to monitor the
logs, and automatically fix up the .htaccess files if certian conditions
happen...
-Adam
On Tue, 23 May 2000, Theodore Jones wrote:
| Date: Tue, 23 May 2000 20:21:57 -0700
| From: Theodore Jones <theoj@xxxxxxxxxxxxx>
| Reply-To: cobalt-security@xxxxxxxxxxxxxxx
| To: cobalt-security@xxxxxxxxxxxxxxx
| Subject: Re: [cobalt-security] consistently pounded
|
|
| So why isn't there a siimple way to have a script watch the error log report
| and just add certain IP numbers to the hosts.deny file...?
|
| ~ Theo
|
|
|
| Adam Crews wrote:
|
| > On Tue, 23 May 2000, Theodore Jones wrote:
| >
| > | >
| > | > 2) You can install tcp wrappers (you really ought to have
| > | > 'em running anyway), configure them to monitor the httpd port and
| > | > add the bums to your hosts.deny file.
| >
| > I would strongly discourage tcp wrappers on the http port. You will get a
| > huge performance hit. one of the ways that a web server an be so fast is
| > because it has several daemons running and waiting for connections. If
| > you tcpwrapper this, you can no longer do this. Now, before the web
| > daemon can even start up, it must pass the tcpwrappers, then it must load
| > and parce the http config file (very slow if you have virtual hosts), and
| > finally the http daemon wont take advantage of the ability to do multiple
| > requests down a single connection. Every request for an image, page,
| > ect.. will result in a tcpwrapper lookup, and the spawning of another http
| > daemon. Also if you have any dns slowness at all, tcpwrappers will take
| > to long to spawn the web daemon.
| >
| > -Adam
| >
| > _______________________________________________
| > cobalt-security mailing list
| > cobalt-security@xxxxxxxxxxxxxxx
| > http://list.cobalt.com/mailman/listinfo/cobalt-security
|
|
| _______________________________________________
| cobalt-security mailing list
| cobalt-security@xxxxxxxxxxxxxxx
| http://list.cobalt.com/mailman/listinfo/cobalt-security
|