Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Hit Throttling - Content Theft Prevention

from [Steve Shah] Network Security [Permanent Link]
Subject: Re: Hit Throttling - Content Theft Prevention
Date: Wed, 19 Oct 2005 08:13:18 -0700 
On Wed, Oct 19, 2005 at 04:11:56AM -0600, Kurt Seifried wrote:

use the same user agent....) and they also come (for my site anyways) from 
a few well defined class C's. Whitelisting legitimate crawlers isn't to 
hard (user agent string, network blocks, reverse DNS, etc.).


There are several well known / large search engines out there that
you'll want to whitelist for. (MSN, Google, Yahoo, Amazon's, AskJeeves, etc.)
However, the challenge is that servers move *all the time*. Heck,
the servers don't have to move for their netblocks to move. Doing
an IP whitelist can be dangerous if you aren't vigilant about tracking
where the search engines are. 

Assuming that you do want to whitelist search engines, (not a good
idea, IMO, a previous poster pointed out the paradox already), you
may want to do this by using a warning system instead of a blocking
system. If a user-agent comes from an IP address that is not in your
whitelist, issue a email notification to you on a regular basis.
Take a look at the situation and then decide if you want to blacklist
the IP that is originating the request.

Of course, if that person is coming from AOL, you may not want to do
that. 

-Steve

-- 
Steve Shah
sshah@RisingEdge.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SecurityFocus article announcement: Two-factor banking, Andrew van der Stock
Next by Date:  Oracle 10g - emagent.exe Stack-Based Overflow, SPI Labs
Previous by Thread:  Re: Hit Throttling - Content Theft Prevention, Kurt Seifried
Next by Thread:  Re: Hit Throttling - Content Theft Prevention, focus
Indexes:  [Date] [Thread] [Top] [All Lists]