Mailinglist Archive: opensuse-security (145 mails)
- From: "ISC. Jesús Alfredo Barreiro noh" <jbarnoh@xxxxxxxxxxxxx>
- Date: Tue, 16 Nov 2004 09:54:50 -0600
- Message-id: <012d01c4cbf4$9ae58b90$b51ad194@dgdamovil01>
From: suse@xxxxxxxxxxxx [mailto:suse@xxxxxxxxxxxx]
Sent: Sunday, November 14, 2004 3:42 PM
Subject: Re: [suse-security] Detection of DoS Attacks on Webserver
> > Your idea seems very handy for doing forensic analysis,
> > after a HTTP-DoS/DDoS attack.
> actually one can nip such in the bud and tell others.
did not realise the method Markus was using was almost in
> > I think that IPTables firewall could be used to help
> > limit or prevent such attacks from occurring.
> Alas such solution is quite linux-specific. This problem is of far
> scope. Even if you argue to leave Microsoft users of IIS to their fate
> apache runs on far more than Linux.
Yes - agreed. Markus's idea of using the web server logs is
a lot more practical - and also should work with any
webserver logs, and firewall that supports dynamic
loading/unloading of firewall rules!
I had ideas on implementing something at a packet filtering
level, that would also be possible to implement in main IP
backbone routers - by doing some sort of intelligent
filtering as close to the source of the DoS attack as
> > I think it should be possible to write a module that will
> > queue incoming packets in userland memory. The packets can
> > then be inspected for certain clues that would be indicative
> > of a HTTP-DoS attack.
> very apache-specific. Furthermore, the API may well change -- indeed
> module work on v1 and v2 apache? no.
ditto as above
Regards - Keith Roberts
Will read & study and reply to Markus's email soon!
Starting to formulate some ideas for his version of DoS
attack prevention - this could even turn into something of
practical use, when Markus has finished his thesis!
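
Added example, not part of the original mail and not Markus's method (which this message does not describe): a generic sketch of the log-driven approach discussed above, flagging clients whose request rate in Common Log Format access logs exceeds a threshold. The function names, the threshold, the window and the sample lines are all assumptions made for illustration; the returned addresses are what would be handed to whichever firewall supports dynamic rule loading.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client address, ident, user, [timestamp]
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def flag_clients(lines, max_hits=5, window=timedelta(seconds=10)):
    """Return {client: time its rate first exceeded max_hits per window}.

    max_hits and window are illustrative values, not tuned thresholds.
    """
    recent = defaultdict(deque)      # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                 # malformed line: skip it, never guess
        client = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[client]
        hits.append(ts)
        while ts - hits[0] > window: # drop requests that fell out of the window
            hits.popleft()
        if len(hits) > max_hits and client not in flagged:
            flagged[client] = ts     # candidate for a temporary firewall rule
    return flagged

def sample_log():
    """Constructed sample input using documentation address ranges."""
    fmt = '%s - - [16/Nov/2004:09:54:%02d -0600] "GET / HTTP/1.0" 200 512'
    burst = [fmt % ("192.0.2.10", s) for s in range(8)]        # 8 hits in 8 s
    calm = [fmt % ("198.51.100.7", s) for s in (0, 20, 40)]    # 1 hit per 20 s
    return burst + calm + ["garbled line without a timestamp"]

if __name__ == "__main__":
    for client, when in flag_clients(sample_log()).items():
        print(client, "exceeded the rate limit at", when.isoformat())
```

Because the detector only reads log lines and returns addresses, it stays independent of both the web server and the firewall, which is the portability point made in the reply above.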