Re: Apache attacks

• Previous message: Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA: "Solaris auditing/hardening"
• Maybe in reply to: Kenny: "Apache attacks"
• Next in thread: Ty Bodell: "Re: Apache attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: security-basics@securityfocus.com
Date: Mon, 31 Jan 2005 12:42:08 +0100

Hi Kenny,

Other than the useful answers you got so far regarding checking your
machine to detect if the xploit was successful or not, I think that no one
answered your question about detection and proactive approach.
You can investigate Snort (www.snort.org) as the NIDS part, and some of
their add-ons (same site) for the proactive side.
Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG

Kenny <kenny@codez.co.uk>
26/01/2005 20:56

 
        To: security-basics@securityfocus.com
        cc: (bcc: Miguel Dilaj/PH/Novartis)
        Subject: Apache attacks

{snip}
Also, has anyone got any scripts that can detect attacks against apache
and ban the ip for a period of time?
{snip}

• Previous message: Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA: "Solaris auditing/hardening"
• Maybe in reply to: Kenny: "Apache attacks"
• Next in thread: Ty Bodell: "Re: Apache attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]