
Re: [cobalt-security] consistently pounded



On Tue, 23 May 2000, Brent Sims wrote:

  | Date: Tue, 23 May 2000 21:27:56 -0600 (MDT)
  | From: Brent Sims <brent@xxxxxxxxxxx>
  | Reply-To: cobalt-security@xxxxxxxxxxxxxxx
  | To: cobalt-security@xxxxxxxxxxxxxxx
  | Subject: Re: [cobalt-security] consistently pounded
  | 
  | On Tue, 23 May 2000, Theodore Jones so wrote:
  | 
  | } So why isn't there a simple way to have a script watch the error log report
  | } and just add certain IP numbers to the hosts.deny file...?
  | 
  | 	I have not actually looked at the configuration file but tcp
  | wrappers does not watch the httpd port by default.

It would also require a change in the way http is run.

  | 
  | } > I would strongly discourage tcp wrappers on the http port. You will get a
  | } > huge performance hit.  One of the ways that a web server can be so fast is
  | } > because it has several daemons running and waiting for connections.
  | 
  | 	While the performance hit is indeed correct, the attack, as
  | I understand things, exists in real time. Thus the choice is to sit
  | back and watch hoping for the best, or to take some form of
  | proactive action. 
  | 

The best option that was mentioned is to add the 
deny ip.ip.ip.ip 
to the .htaccess file.

This will just deny them altogether and not even put up the passwd
prompt on the client end.

-adam
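
Added example (not part of the original thread, and not Cobalt's or Apache's own code): a sketch of the log-watching script asked about above, counting failed basic-auth attempts per client in the error log and printing mod_access `Deny from` lines suitable for an .htaccess file. The error_log line layout, the threshold, the exemption list and the function names are assumptions; the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an Apache 1.3-style error_log layout (assumed format).
# The last line carries a user name crafted to look like a [client ...] field.
SAMPLE_LOG = """\
[Tue May 23 21:20:01 2000] [error] [client 192.0.2.10] user admin: password mismatch: /admin
[Tue May 23 21:20:02 2000] [error] [client 192.0.2.10] user root: password mismatch: /admin
[Tue May 23 21:20:03 2000] [error] [client 192.0.2.10] user test not found: /admin
[Tue May 23 21:20:09 2000] [error] [client 198.51.100.7] user bob: password mismatch: /admin
[Tue May 23 21:21:00 2000] [error] [client 203.0.113.5] File does not exist: /home/web/x.gif
[Tue May 23 21:21:05 2000] [error] [client 192.0.2.99] user [client 203.0.113.5] user a: password mismatch: /admin
"""

# Anchor on the prefix the server writes itself, so text supplied by the
# client (the user name) cannot be mistaken for the client address.
AUTH_FAIL = re.compile(
    r"^\[[^\]]+\] \[error\] \[client ([0-9.]+)\] user .*(?:password mismatch|not found)"
)


def failures_per_client(log_text):
    """Count authentication failures per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))  # reject malformed addresses
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def deny_lines(log_text, threshold=3, never_block=()):
    """Return 'Deny from <ip>' lines for clients at or over the threshold.

    never_block lists addresses (e.g. the admin's own) that are never denied.
    """
    counts = failures_per_client(log_text)
    return [f"Deny from {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in never_block]


if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG)))
```

The output is meant to be reviewed before it is appended to .htaccess; with `Order allow,deny` and `Allow from all` in place, each `Deny from` line refuses that client before any password prompt is sent.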