httpd-users mailing list archives

From Daniel Lopez <dan...@rawbyte.com>
Subject Re: OT: Packet Sniffers <----> Apache Traffic
Date Mon, 15 Jul 2002 16:30:15 GMT
On Mon, Jul 15, 2002 at 09:28:02AM -0700, Daniel Lopez wrote:
> 
> 
> > This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> > The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> > I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
> > 
> > But first I need a (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent over-exerting the DB servers).
> >  
> > Anyone else had such a need? Any tips? 
> > Thanks for any help.
> 
> To limit the number of connections / downloads / etc. for abusive users,
> look at mod_throttle
> 
> Alternatively you can: 
> 
> a) For an end-user sniffer, use ethereal; you can take a look at the contents
> of the packets and find the common tag
> 
> b) Then I would use an IDS like snort to trigger firewall rules whenever a request that
> matches that common tag ('signature') is found
> 
> http://www.snert.com/Software/mod_throttle/
> http://www.ethereal.com
> http://www.snort.com

I meant snort.org 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
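
Added example, not part of the original message: one way to carry out step (a), finding a "common tag" when the abusive clients share an ISP gateway address with ordinary users. It fingerprints each captured request by header-name order and User-Agent; the addresses, host name, User-Agent strings and thresholds are constructed assumptions.

```python
from collections import Counter

GATEWAY_IP = "192.0.2.10"  # constructed stand-in (TEST-NET-1) for the ISP gateway
BROWSER = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

def make_request(path, user_agent, extra=()):
    """Build a constructed HTTP request head, as reassembled from a capture."""
    lines = [f"GET {path} HTTP/1.1", "Host: db.example.com",
             f"User-Agent: {user_agent}", *extra]
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample of (source IP, request head): one scripted client and one
# browser user behind the gateway, plus a browser user from another address.
SAMPLE = (
    [(GATEWAY_IP, make_request(f"/record?id={i}", "DataGrabber/1.0")) for i in range(40)]
    + [(GATEWAY_IP, make_request("/", BROWSER, ["Accept: */*", "Accept-Language: en-us"]))] * 3
    + [("198.51.100.7", make_request("/search", BROWSER, ["Accept: */*"]))] * 5
)

def fingerprint(raw):
    """Return (header-name order, User-Agent), a tag that survives a shared IP."""
    header_lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip request line
    names, user_agent = [], ""
    for line in header_lines:
        name, _, value = line.partition(":")
        names.append(name.strip().lower())
        if names[-1] == "user-agent":
            user_agent = value.strip()
    return ",".join(names), user_agent

def candidate_signatures(requests, ip, min_count=20, min_share=0.5):
    """Fingerprints that dominate traffic from `ip` and never appear elsewhere."""
    inside = Counter(fingerprint(raw) for src, raw in requests if src == ip)
    outside = {fingerprint(raw) for src, raw in requests if src != ip}
    total = sum(inside.values())
    return [(fp, n) for fp, n in inside.most_common()
            if n >= min_count and n / total >= min_share and fp not in outside]

if __name__ == "__main__":
    for (order, agent), count in candidate_signatures(SAMPLE, GATEWAY_IP):
        print(f"{count} requests  headers=[{order}]  User-Agent={agent!r}")
```

The User-Agent or header order it reports is the kind of value an IDS signature would match on. A client can change either, so re-run the analysis on fresh captures before relying on the rule.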

