httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "KAN NAN" <>
Subject RE: [users@httpd] Request !
Date Wed, 03 Sep 2003 13:25:28 GMT
<html><div style='background-color:'><DIV>
<P><BR>Hi Mr. Samuel,</P>
<P>I accept your points, Using GID I can very well prevent certain IP-Addresses, but
I dont think this will be a permanent solution for this. Say for example, Iam providing access
only for IP addresses from Europe. Ofcourse, it will solve the problem if the users are out
of Europe, what if any person from Europe tries to do the same kind of webcrawling.</P>
<P>Please have a look at this url : <A href=""></A>,
there it is mentioned that their website is protected from such attacks. I am still searching
for the solution, how to prevent such things.</P>
<DIV></DIV>&gt;From: "Gold, Samuel (Contractor)" <GOLDS@NCR.DISA.MIL>
<DIV></DIV>&gt;Subject: RE: [users@httpd] Request ! 
<DIV></DIV>&gt;Date: Wed, 3 Sep 2003 08:22:03 -0400 
<DIV></DIV>&gt;This was sent to the list yesterday by Geoffery. 
<DIV></DIV>&gt;Actually, I would suggest placing a GIDS (gateway IDS) in front
of the 
<DIV></DIV>&gt;box. Something like the Inline patches to snort or hogwash
would take 
<DIV></DIV>&gt;care of this. A firewall will still allow hostile web traffic
through to 
<DIV></DIV>&gt;the web server. However, a GIDS watches the traffic and if
a signature 
<DIV></DIV>&gt;is matched it will take action against that traffic - even
though the 
<DIV></DIV>&gt;traffic is for a legitimate service. 
<DIV></DIV>&gt;Geoffrey Bennett <GEOFFREY@TICOM.COM>
<DIV></DIV>&gt;Sam Gold 
<DIV></DIV>&gt;-----Original Message----- 
<DIV></DIV>&gt;From: KAN NAN [] 
<DIV></DIV>&gt;Sent: Wednesday, September 03, 2003 8:24 AM 
<DIV></DIV>&gt;Subject: [users@httpd] Request ! 
<DIV></DIV>&gt;Dear Friends, 
<DIV></DIV>&gt;We have a web-system using Apache web server and Jserv(servlet
<DIV></DIV>&gt;running on windows 2000. Our system was attempted to hack from
some people. 
<DIV></DIV>&gt;Iam very sure they were using telnet to access the port 80
of my webserver. 
<DIV></DIV>&gt;I really dont know what was their intention. Server started
giving Internal 
<DIV></DIV>&gt;server error, immediately after their request. It affected
us a lot. 
<DIV></DIV>&gt;Can any one tell me how I can prevent such kind of attacks,
Or how I can 
<DIV></DIV>&gt;block entire telnet request into my web system. I tried filtering
<DIV></DIV>&gt;string in the header, it didn't work, I tried using telnet
to generate a 
<DIV></DIV>&gt;http request by giving input for User-Agent as Mozilla/4.0.....,
<DIV></DIV>&gt;accepted, so there is no way that I can filter using User-Agent,
they can 
<DIV></DIV>&gt;easily pretend as if the request is from a normal browser.

<DIV></DIV>&gt;anticipating your replies, 
<DIV></DIV>&gt;Need a naukri? Your search ends here. 50,000 of the best jobs!

<DIV></DIV>&gt;official User-To-User support forum of the Apache HTTP Server
Project. See 
<DIV></DIV>&gt;for more info. To unsubscribe, e-mail:
<DIV></DIV>&gt;from the digest:
For additional 
<DIV></DIV>&gt;commands, e-mail: 

<DIV></DIV>&gt;The official User-To-User support forum of the Apache HTTP
Server Project. 
<DIV></DIV>&gt;See <URL:http: userslist.html>for more
<DIV></DIV>&gt;To unsubscribe, e-mail:

<DIV></DIV>&gt; " from the digest:

<DIV></DIV>&gt;For additional commands, e-mail:

<DIV></DIV></URL:http:></div><br clear=all><hr>Access
Hotmail from your mobile now. <a href="">Click here.</a>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message