Re: [fw-wiz] preventing XSS and SQL injection?

From: J. Oquendo (sil_at_infiltrated.net)
Date: 06/02/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 2 Jun 2005 16:01:22 -0400 (EDT)
    
    

    On Thu, 2 Jun 2005, ArkanoiD wrote:

    > because it is too hard to convert history to a formal description. doing it
    > not smart enough will lead to necessity of adding new patterns daily or
    > even hourly ;-)

    Too hard? Nonsense. If you say you have an assessment of normal patterns,
    a two-week interval would show you enough of what you would need to go by
    to get some form of template going. Adding the remaining anomalies would be
    child's play. New patterns daily or even hourly? My guess is you would
    want to be more specific in your question. Is this web traffic only, does
    it include say VOIP traffic, messenger(s) traffic, DHCP traffic, tunnels?

    For httpd-based injection I use mod_security, and I also use
    mod_dosevasive, which work just fine. Need a sample mod_security conf? You
    could see all the nifty little annoying rules I added to this machine:

    www.infiltrated.net/modsecrules

    Good luck, there are a crapload. And you're on your own viewing redirected
    URLs... (You've been warned).

    mod_security for httpd works wonders. As for the firewall level, IDS
    level, I'm sure if you took the time you could get it working by taking a
    snapshot. Anything else sounds like an excuse to avoid going the obvious
    route.

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    J. Oquendo
    GPG Key ID 0x97B43D89
    http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

    "To conquer the enemy without resorting to war is the most
    desirable. The highest form of generalship is to conquer
    the enemy by strategy." - Sun Tzu
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
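
The snapshot-then-template approach discussed in the message above, sketched as an added example (not code from the post, and not how mod_security itself works): it learns, per path and parameter, the loosest character class and longest value seen in a baseline window, then reports requests that fall outside that template. The paths, parameter names, character classes and `slack` factor are all assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed baseline: request targets as they might be collected over the snapshot window.
BASELINE = [
    "/item.php?id=17",
    "/item.php?id=2045",
    "/search.php?q=firewall+rules&page=2",
    "/search.php?q=mod_security&page=11",
]

# Character classes ordered from strictest to loosest (an assumption for this example).
CLASSES = [("digits", re.compile(r"\d+")), ("word", re.compile(r"[\w .-]+"))]
RANK = {"digits": 0, "word": 1, "other": 2}

def classify(value):
    """Return the strictest character class that fully matches value."""
    for name, rx in CLASSES:
        if rx.fullmatch(value):
            return name
    return "other"

def learn(targets):
    """Build {path: {param: (loosest class seen, max length seen)}}."""
    template = {}
    for t in targets:
        u = urlsplit(t)
        params = template.setdefault(u.path, {})
        for k, v in parse_qsl(u.query, keep_blank_values=True):
            cls, n = params.get(k, ("digits", 0))
            params[k] = (max(cls, classify(v), key=RANK.get), max(n, len(v)))
    return template

def check(template, target, slack=2):
    """Return the reasons a request falls outside the template (empty if none)."""
    u = urlsplit(target)
    if u.path not in template:
        return [f"unknown path {u.path}"]
    reasons = []
    for k, v in parse_qsl(u.query, keep_blank_values=True):
        if k not in template[u.path]:
            reasons.append(f"unknown parameter {k}")
            continue
        cls, n = template[u.path][k]
        if RANK[classify(v)] > RANK[cls]:
            reasons.append(f"{k}: character class {classify(v)} exceeds {cls}")
        if len(v) > n * slack:
            reasons.append(f"{k}: length {len(v)} exceeds {n * slack}")
    return reasons
```

A longer or more varied baseline widens the template, so what gets reported afterwards depends directly on how representative the snapshot was.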

