httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <>
Subject Re: OT: Packet Sniffers <----> Apache Traffic
Date Mon, 15 Jul 2002 16:28:02 GMT

> This is slightly OT - but to be brief, we have servers that a few 'users' are attempting
to mine data from.
> The problem is that they are coming from an ISP's gateway - ISP has not yet responded
to requests to assist.
> I am trying to find a way to analyse the packets and get some other usable tag from the
packet that we can filter (or write some kind of filter for).
> But first I need a (Open Source/Linux if available) sniffer that can assist me in catching
the packets (from a seperate system if possible to prevent over exerting the DB servers).
> Anyone else had such a need? Any tips? 
> Thanks for any help.

To limit the number of connections / downloads / etc. for abusive users,
look at mod_throttle

Alternatively you can: 

a)For an enduser sniffer, use ethereal, you can take a look at the contents
of the packets and find the common tag

b)Then I would use a IDS like snort to trigger firewall rules whenever a request that
matches that common tag ('signature') is found


Teach Yourself Apache 2 --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message