httpd-users mailing list archives

From George Gallen <ggal...@slackinc.com>
Subject RE: Packet Sniffers <----> Apache Traffic
Date Mon, 15 Jul 2002 16:17:31 GMT
If both systems are on switches, it will be very difficult, since
the switch will hide the traffic from the other system.
 
If you find the switch is preventing you from seeing the traffic from the
other system, you may have to put tcpdump on the server machine.
 
Also, are you sure it's not a search engine trying to index your site? If so,
try setting up a robots.txt to tell them not to index you (most will respect
it; however, I find it interesting that you place a file of where you don't
want someone to look...... Kinda like, whatever you do, don't check this
directory... like a beacon to a hacker, unless you're saying all the directories
are off limits).
 
But, if you are able, make sure the other system is in promisc mode
so it will see traffic besides its own on its card.
 
Use tcpdump (use the -n option to disable the reverse DNS, makes it faster) to
monitor for port 80. This will tell you the IP it's coming from. Don't bother to
try to get the MAC address, since you will only see the MAC of your router
and/or your ISP's router, NOT the MAC of the person you're looking for.
 
Once you get the IP, I'd advise going to www.samspade.org to find out more
about that IP: who owns it, who the contact name is and the PHONE#.
 
Chances are they are coming in from a proxy out of China; I don't know if
you have any choice but to block if that's the case.
 
But, you should be able to get the same information from your apache access
logs, then add in that IP to be blocked in your .htaccess file.
 
If you don't have tcpdump already installed, you will also need to install a
library file first, I believe, before you can install tcpdump; that's all in the
tcpdump install files, however.
 
George
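The access-log route George mentions, worked through as an added example that is not from the thread: it parses constructed Apache combined-format log lines, counts hits per (IP, User-Agent) pair so that a scraper sitting behind a shared ISP gateway can be told apart from other users on the same address, and emits .htaccess access-control lines. The hit threshold and the SetEnvIf User-Agent rule are assumptions that go beyond the message, which only names an IP deny.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" log format (not from the thread).
# 203.0.113.7 plays the shared ISP gateway: one scraper and one normal user behind it.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2002:11:40:01 +0000] "GET /catalog?page=1 HTTP/1.0" 200 5120 "-" "DataMiner/1.0"
203.0.113.7 - - [15/Jul/2002:11:40:02 +0000] "GET /catalog?page=2 HTTP/1.0" 200 5098 "-" "DataMiner/1.0"
203.0.113.7 - - [15/Jul/2002:11:40:03 +0000] "GET /catalog?page=3 HTTP/1.0" 200 5134 "-" "DataMiner/1.0"
203.0.113.7 - - [15/Jul/2002:11:40:04 +0000] "GET /catalog?page=4 HTTP/1.0" 200 5101 "-" "DataMiner/1.0"
198.51.100.22 - - [15/Jul/2002:11:41:10 +0000] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
203.0.113.7 - - [15/Jul/2002:11:42:15 +0000] "GET /about.html HTTP/1.0" 200 1800 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
this line is malformed and is skipped by the parser
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse(log_text):
    """Yield (ip, user_agent) for each well-formed combined-format line; others are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("ua")

def hits_per_client(log_text):
    """Count requests per (ip, user_agent) pair. Keying on the pair rather than the
    IP alone separates the scraper from ordinary users behind the same gateway."""
    return Counter(parse(log_text))

def htaccess_rules(log_text, threshold):
    """Return .htaccess text (Apache 1.3/2.0 access-control syntax) for clients with
    at least `threshold` hits (assumed tuning value). Emits the IP deny George
    suggests plus a SetEnvIf match on the User-Agent, so the scraper can be refused
    on its own tag if denying the whole gateway address is too broad."""
    flagged = [(ip, ua) for (ip, ua), n in hits_per_client(log_text).items() if n >= threshold]
    if not flagged:
        return ""
    lines = ["Order allow,deny", "Allow from all"]
    for ip, ua in sorted(flagged):
        lines.append(f"Deny from {ip}")  # blanket deny of the source address
        lines.append(f'SetEnvIf User-Agent "{re.escape(ua)}" block_client')
    lines.append("Deny from env=block_client")
    return "\n".join(lines) + "\n"
```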

-----Original Message-----
From: Steve Leach [mailto:sleach@askalix.com]
Sent: Monday, July 15, 2002 11:56 AM
To: users@httpd.apache.org
Subject: OT: Packet Sniffers <----> Apache Traffic


This is slightly OT, but to be brief, we have servers that a few 'users'
are attempting to mine data from.
The problem is that they are coming from an ISP's gateway; the ISP has not yet
responded to requests to assist.
I am trying to find a way to analyse the packets and get some other usable
tag from the packet that we can filter (or write some kind of filter for).
 
But first I need an (Open Source/Linux if available) sniffer that can assist
me in catching the packets (from a separate system if possible, to prevent
overexerting the DB servers).
 
Anyone else had such a need? Any tips? 
Thanks for any help.
 
 
Best Regards,
 
Steve Leach
Network Manager
MI International Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com