Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Re: [suse-security] Detection of DoS Attacks on Webserver
  • From: Markus Roth <mroth@xxxxxxxxxx>
  • Date: Wed, 17 Nov 2004 13:20:18 +0100
  • Message-id: <419B4202.4020008@xxxxxxxxxx>
thanks again

this one i like very much! my project is actually based on the idea of mod_dosevasive. when i started my work, i reviewed the code of mod_dosevasive. i found some things that i didn't liked very much and tried to contact the author. i never got an answer so i decided to start an own project. mod_dosevasive is pretty basic. it is absolutly static, it just looks if more then X requests are comming from the same ip in Y seconds (or if Z requests hit the same URL in T seconds). this module is quite good to defeat attacks but you will get a huge amount of false positives. it is not able to recognize a users behaviour it just counts requests.

regards markus


Togan Muftuoglu wrote:

* Markus Roth; <mroth@xxxxxxxxxx> on 16 Nov, 2004 wrote:

thanks for the hint!


I am not so sure if you are going to like this second link though
http://www.nuclearelephant.com/projects/dosevasive/





< Previous Next >