httpd-users mailing list archives

From Daniel Lopez <dan...@rawbyte.com>
Subject Re: OT: Packet Sniffers <----> Apache Traffic
Date Mon, 15 Jul 2002 16:28:02 GMT


> This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
>
> But first I need an (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent over exerting the DB servers).
>
> Anyone else had such a need? Any tips?
> Thanks for any help.

To limit the number of connections / downloads / etc. for abusive users,
look at mod_throttle.

Alternatively you can:

a) For an end-user sniffer, use Ethereal; you can take a look at the contents
of the packets and find the common tag.

b) Then I would use an IDS like Snort to trigger firewall rules whenever a request that
matches that common tag ('signature') is found.

http://www.snert.com/Software/mod_throttle/
http://www.ethereal.com
http://www.snort.com

Daniel

-- 
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
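
Step (a) of the reply, finding the common tag, as an added example that is not part of the original message: it compares header values in requests already judged abusive against normal requests arriving through the same gateway and keeps values seen in nearly all of the former and almost none of the latter, which is the candidate signature for step (b). The request texts, the host name and the `ExampleHarvester/0.1` agent string are constructed sample data; the function names and thresholds are assumptions.

```python
"""Find header values common to suspect requests but rare in normal ones."""
from collections import Counter

def parse_request(raw):
    """Parse a raw HTTP request head into {field: value}; names lower-cased."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    fields = {":method": method, ":path": path}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return fields

def common_tags(suspect, baseline, min_hit=0.9, max_false=0.05):
    """Return (field, value, hit_rate, false_rate), best candidates first."""
    s_counts = Counter(p for r in suspect for p in parse_request(r).items())
    b_counts = Counter(p for r in baseline for p in parse_request(r).items())
    tags = []
    for (field, value), n in s_counts.items():
        hit = n / len(suspect)
        false = b_counts[(field, value)] / len(baseline) if baseline else 0.0
        if hit >= min_hit and false <= max_false:
            tags.append((field, value, hit, false))
    return sorted(tags, key=lambda t: (t[3], -t[2], t[0]))

# Constructed sample data: request heads as copied from a sniffer's stream view.
SUSPECT = [
    "GET /records?id=%d HTTP/1.1\r\nHost: db.example.com\r\n"
    "User-Agent: ExampleHarvester/0.1\r\nAccept: */*\r\n\r\n" % i
    for i in range(1, 5)
]
BASELINE = [
    "GET /index.html HTTP/1.1\r\nHost: db.example.com\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\nAccept: */*\r\n\r\n",
    "GET /records?id=7 HTTP/1.1\r\nHost: db.example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux)\r\nAccept: text/html\r\n\r\n",
    "GET /search?q=x HTTP/1.1\r\nHost: db.example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux)\r\nAccept: text/html\r\n\r\n",
]

if __name__ == "__main__":
    for field, value, hit, false in common_tags(SUSPECT, BASELINE):
        print(f"{field}: {value!r} suspect={hit:.0%} baseline={false:.0%}")
```

The `false_rate` column is the share of legitimate requests a filter on that value would also block, so it is worth checking against a larger baseline before the value is turned into a blocking rule.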
