[Dshield] Look at this Nitwit
hostmaster at denverdata.com
Wed Jan 28 23:00:17 GMT 2004
On Wednesday 28 January 2004 03:40 pm, David Hart wrote:
> How do you feel about a zero-byte default.ida? It saves some cycles. any
Depends on what response you want your web server to give back to the request.
We trap and redirect these and other known exploit requests via mod_rewrite
rules to a script which, amongst other things, adds a "deny from <request
ip>" to the web server and gives back a response code of our liking. Nothing
fancy, there's many examples around the net.
BTW: Eventually, this info will feed into other systems that may update
tcpwrappers, iptables, etc. (possibly on other hosts) to shutdown the traffic
at the network level.
More information about the list