[Dshield] Here's a good idea
mtombaugh at alliedcc.com
Tue Apr 13 17:39:41 GMT 2004
On Tuesday 13 April 2004 11:07 am, Miles Stevenson wrote:
> Does anyone
> know if it works?
I don't know if it works, nor do I know why one would use it.
#1 These attacks dont effect apache
#2 If theyre creating logs on your apache, then they are also probably getting
to your IIS (if it exists).
#3 There are much more flexible alternatives (eg. snortsam - thanks Frank!)
There are lots of simple ways to keep these attacks off of your network
entirely, as well as out of your apache/iis logs. For example:
Cisco IOS 12.1(6) (NBAR) can do it:
Or iptables with string matching filters:
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>
More information about the list