[Dshield] Look at this Nitwit

Doug Douglass hostmaster at denverdata.com
Wed Jan 28 23:00:17 GMT 2004


On Wednesday 28 January 2004 03:40 pm, David Hart wrote:

> How do you feel about a zero-byte default.ida? It saves some cycles. any
> downside?

Depends on what response you want your web server to give back to the request.

We trap and redirect these and other known exploit requests via mod_rewrite 
rules to a script which, amongst other things, adds a "deny from <request 
ip>" to the web server and gives back a response code of our liking. Nothing 
fancy, there's many examples around the net.

BTW: Eventually, this info will feed into other systems that may update 
tcpwrappers, iptables, etc. (possibly on other hosts) to shutdown the traffic 
at the network level.

Doug




More information about the list mailing list