httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PeterKorman <calvin-apache...@eigenvision.com>
Subject Re: [users@httpd] Re: access log -- GET /scripts/..%%35%63../winnt/system32
Date Mon, 21 Oct 2002 00:31:07 GMT
On Sun, Oct 20, 2002 at 02:31:48PM -0400, Lee Grey wrote:
> On the other hand, given the fact that so many users have dynamic IP
> addresses, you are really blocking a number that can't be guaranteed to
> match the machine it came from at that moment.  The next day or two weeks
> later, you are probably still vulnerable to the same "attack" from the same
> infected machine, while having blocked access to your site by whatever
> innocent machine currently has that IP address.
> 
> Just a thought.
> 
> Best wishes,
> Lee Grey
> Grey Matter
> http://www.URLinOne.com

that is the most compelling argument I've heard yet to age out the IP
attack addresses after 30 to 60 days. Thanks.

JPK


Mime
View raw message