
Re: Apache attacks

Subject: Re: Apache attacks
Date: Thu, 27 Jan 2005 21:15:03 -0500
Kenny,

Another thing you might want to look at is Dshield.org, this is an updated daily
list of subnets around the world that are known for hack attempts and other
types of unethical network activity.

The link I sent you earlier to www.rfxnetworks.com has APF the Advanced
Protection Firewall in the projects link.  This firewall can be set up to
update this list every day and block those networks from your network.  It also
has a module for BFD Brute Force Detection that will block IPs or subnets that
try to brute force your SSH and FTP.  This firewall is based on IPtables, which
I would become real familiar with if you want to protect your network. If you
find APF to be too daunting at first, try KISS firewall
http://www.geocities.com/steve93138/ or Firestarter
http://www.fs-security.com/.  Some people prefer Firestarter as it works with a
GUI and requires GTK.

These will be great tools in trying to keep the script kiddies out and the other
more serious intrusions.  But like any firewall they are never 100% and it takes
a lot of tools to keep your network safe.  Also remember security is a trade-off
between ease of use and protection.

Just my 2 cents

B.Johnson



Quoting Bernie Johnson <bernie@e-mich.com>:

Kenny,

Look at www.rfxnetworks.com and get APF, BFD and look at the other
scripts there.  This should do what you want and need.

B. Johnson



On Wed, 2005-01-26 at 15:56, Kenny wrote:
Hi List,

Long time reader, first time poster..

My server crashed yesterday and I had to restart it, to get it going
again. Now everything seems ok, however looking at my
/var/log/httpd/access_log.1 shows a visitor to the website posting some
big chunks of exploit code (containing a massive nop sled).
How do I know if this attacker actually got in or not?

This is a redhat fedora core 2 box, and I would describe myself as an
"intermediate" linux user.

Also, has anyone got any scripts that can detect attacks against apache
and ban the ip for a period of time?

I will post the exploit on request.

Thanks, Kenny
--







----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
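
The kind of access-log check Kenny asks about can be sketched as follows. This is an added example, not code from anyone in the thread and not part of APF or BFD. It assumes common/combined log format, assumes that raw bytes show up in the log as `\xNN` or `%NN` escapes, and uses constructed sample lines, documentation IP addresses and an arbitrary length threshold. It only lists the clients worth blocking; it cannot tell whether an attempt succeeded.

```python
import re
from collections import Counter

# Common/combined log format: client IP, timestamp, quoted request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) ')
# One escaped byte (\x90 or %90 style) repeated at least 32 times in a row.
SLED_RE = re.compile(r'(?:\\x|%)([0-9A-Fa-f]{2})(?:(?:\\x|%)\1){31,}')
MAX_REQUEST_LEN = 2048  # assumed threshold, tune for the site

# Constructed sample lines (not taken from the original post).
SAMPLE = [
    '192.0.2.10 - - [26/Jan/2005:14:02:11 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jan/2005:14:03:40 -0500] "POST /' + '\\x90' * 200 + ' HTTP/1.0" 414 340',
    '203.0.113.5 - - [26/Jan/2005:14:05:02 -0500] "GET /search?q=' + 'A' * 3000 + ' HTTP/1.1" 414 340',
]

def classify(line):
    """Return (ip, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, request = m.group(1), m.group(2)
    reasons = []
    if len(request) > MAX_REQUEST_LEN:
        reasons.append("oversized request line")
    sled = SLED_RE.search(request)
    if sled:
        reasons.append("repeated byte 0x%s (possible NOP sled or padding)" % sled.group(1).lower())
    return ip, reasons

def suspicious_clients(lines, min_hits=1):
    """Return sorted client IPs with at least min_hits flagged requests."""
    hits = Counter()
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits[parsed[0]] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for line in SAMPLE:
        ip, reasons = classify(line)
        print(ip, "->", "; ".join(reasons) or "ok")
    print("candidates to block:", suspicious_clients(SAMPLE))
```

The returned addresses are what a firewall layer such as the IPtables-based tools named in the thread would then block.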
