[Dshield] Here's a good idea

Mark Tombaugh mtombaugh at alliedcc.com
Tue Apr 13 17:39:41 GMT 2004

On Tuesday 13 April 2004 11:07 am, Miles Stevenson wrote:
> Does anyone
> know if it works?

I don't know if it works, nor do I know why one would use it.
#1 These attacks dont effect apache
#2 If theyre creating logs on your apache, then they are also probably getting 
to your IIS (if it exists). 
#3 There are much more flexible alternatives (eg. snortsam - thanks Frank!)

There are lots of simple ways to keep these attacks off of your network 
entirely, as well as out of your apache/iis logs. For example:

Cisco IOS 12.1(6) (NBAR) can do it:

Or iptables with string matching filters:

Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>

More information about the list mailing list