httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Ristic <>
Subject Re: cvs commit: httpd-2.0/server protocol.c
Date Tue, 26 Oct 2004 13:51:59 GMT

> In the case you just mentioned... it is going to take
> a special 'filter' to 'sense' that a possible DOS 
> attack is in progress. Just fair amounts of 'dataless'
> connection requests from one or a small number of orgins
> doesn't qualify. There are plenty of official
> algorithms around now to 'sense' most of these
> brute force attacks and ( only then ) pop you an
> 'alert' or something.
> Just relying on a gazillion entries in a log file isn't
> the right way to 'officially' distinguish a DOS attack
> from just ( as Roy says ) 'life on the Internet'.

  Sure, you may need to have some logic to determine what makes
  an attack and what not, but you must have the log entry to
  begin with so you feed it to the algorithm.

ModSecurity (
[ Open source IDS for Web applications ]

View raw message