Mailinglist Archive: opensuse-security (145 mails)

Re: [suse-security] Detection of DoS Attacks on Webserver
  • From: Markus Roth <mroth@xxxxxxxxxx>
  • Date: Tue, 16 Nov 2004 20:32:41 +0100
  • Message-id: <419A55D9.9070607@xxxxxxxxxx>
Togan Muftuoglu wrote:

* Markus Roth; <mroth@xxxxxxxxxx> on 13 Nov, 2004 wrote:

Hi!

another thing which would be very interesting is if somebody has logfiles where script kiddies tried to bring down a web server with lots of requests to cpu intensive dynamic pages or got attacked in another way.

if you think i'm running in the wrong direction with this project or have other things on your mind which i should consider, please let me know!



Have you looked at modsecurity http://www.modsecurity.org

thanks for the hint!

i didn't find modsecurity when i was looking for existing work in this area. modsecurity looks very good (and i had almost a cardiac arrest when i saw the pretty page and thought all my work is for /dev/null, somebody else did it before ;-). now i'm quite glad that i saw that modsecurity does something different than i do. modsecurity looks for all kinds of injection or other misuse attacks using known patterns, my system should detect (D)DoS attacks that target the machine's cpu, memory, bandwidth and such stuff using anomaly detection.

regards markus

