Re: Apache attacks
bernie_at_e-mich.com
Date: 01/28/05
- Previous message: Depp, Dennis M.: "RE: RPC over HTTP security"
- In reply to: Bernie Johnson: "Re: Apache attacks"
- Next in thread: KillKenny: "Re: Apache attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 21:15:03 -0500
To: Bernie Johnson <bernie@e-mich.com>
Kenny,
Another thing you might want to look at is Dshield.org; this is an updated daily
list of subnets around the world that are known for hack attempts and other
types of unethical network activity.
The link I sent you earlier to www.rfxnetworks.com has APF, the Advanced
Protection Firewall, in the projects link. This firewall can be set up to
update this list every day and block those networks from your network. It also
has a module for BFD, Brute Force Detection, that will block IPs or subnets that
try to brute force your SSH and FTP. This firewall is based on IPtables, which
I would become real familiar with if you want to protect your network. If you
find APF to be too daunting at first, try KISS firewall
http://www.geocities.com/steve93138/ or Firestarter
http://www.fs-security.com/. Some people prefer Firestarter as it works with a
GUI and requires GTK.
These will be great tools in trying to keep the script kiddies out and the other
more serious intrusions. But like any firewall they are never 100% and it takes
a lot of tools to keep your network safe. Also remember security is a trade-off
between ease of use and protection.
Just my 2 cents
B.Johnson
Quoting Bernie Johnson <bernie@e-mich.com>:
> Kenny,
>
> Look at www.rfxnetworks.com and get APF, BFD and look at the other
> scripts there. This should do what you want and need.
>
> B. Johnson
>
>
>
> On Wed, 2005-01-26 at 15:56, Kenny wrote:
> > Hi List,
> >
> > Long time reader, first time poster..
> >
> > My server crashed yesterday and I had to restart it, to get it going
> > again. Now everything seems ok, however looking at my
> > /var/log/httpd/access_log.1 shows a visitor to the website posting some
> > big chunks of exploit code (containing a massive nop sled).
> > How do I know if this attacker actually got in or not?
> >
> > This is a redhat fedora core 2 box, and I would describe myself as an
> > "intermediate" linux user.
> >
> > Also, has anyone got any scripts that can detect attacks against apache
> > and ban the ip for a period of time?
> >
> > I will post the exploit on request.
> >
> > Thanks, Kenny
> --
>
>
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
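
As an added illustration of the log check asked about in the thread (not part of the original messages, and not code from APF or BFD): a Python script that flags access_log request lines containing a long run of one repeated byte or an unusually long request, then lists the source addresses as plain iptables rules. The 32-repeat and 1024-character thresholds, the assumption that the log renders non-printable bytes as `\x90`-style escapes, and all function names are assumptions made for this example.

```python
import re

# Apache common/combined log format: client IP, timestamp, quoted request, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) ')
# 32 or more repeats of one escaped byte (\x90\x90...) or of one character.
SLED_RE = re.compile(r'((?:\\x[0-9a-fA-F]{2})|.)\1{31,}')
MAX_REQUEST_LEN = 1024  # assumed threshold; ordinary request lines are far shorter

def suspicious(request):
    """Return a reason string if the request line looks like an overflow attempt."""
    if SLED_RE.search(request):
        return "repeated-byte run"
    if len(request) > MAX_REQUEST_LEN:
        return "oversized request"
    return None

def offenders(lines):
    """Map client IP -> list of (status, reason) for every flagged request."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, request, status = m.groups()
        reason = suspicious(request)
        if reason:
            hits.setdefault(ip, []).append((status, reason))
    return hits

def block_commands(hits):
    """Plain iptables DROP rules for the flagged addresses (review before use)."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(hits)]

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [26/Jan/2005:14:02:11 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jan/2005:14:05:43 -0500] "POST /' + r'\x90' * 200
    + ' HTTP/1.0" 400 312',
    '203.0.113.5 - - [26/Jan/2005:14:06:02 -0500] "GET /' + 'abcd' * 500
    + ' HTTP/1.0" 414 250',
]

if __name__ == "__main__":
    found = offenders(SAMPLE)
    for ip, flagged in sorted(found.items()):
        print(ip, flagged)
    print("\n".join(block_commands(found)))
```

The recorded status code shows how the server answered each flagged request; it does not by itself show whether the request had any effect on the host.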