tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter lin <peter....@labs.gte.com>
Subject Re: AW: Security - Attack
Date Thu, 13 Jun 2002 13:01:34 GMT

it's my home system, so I don't care if some one I don't know gets
blocked. For production system it would be better to just filter as some
one else said earlier. I run both tomcat and orion, so neither are
vulnerable, but I rather not clean up logs every week because of stupid
IIS exploits.

Another thing which admins should do is filter out going traffic from
their network for this type of virus/trojan. Atleast I would, but not
every has the time or inclination to do so. In any case, you could write
a request filter in tomcat that will filter out all requests with
".exe".

peter



Ralph Einfeldt wrote:
> 
> Blocking the IP can be a dangerous thing:
> 
> - If there are several people behind a proxy, you will
>   disable all.
> - If the attacking pc has a provider wih dynamic IP's
>   it dousn't help at all, it will just diable all
>   user users that get this IP in the future.
> - It makes you vulnerable to dos attack. As it is possible
>   to fake IP adresses an attacker can disable the acces to
>   your site for a ig amount of people
> 
> > -----Urspr√ľngliche Nachricht-----
> > Von: peter lin [mailto:peter.lin@labs.gte.com]
> > Gesendet: Donnerstag, 13. Juni 2002 14:32
> > An: Tomcat Users List
> > Betreff: Re: Security - Attack
> >
> > apache and tomcat aren't vulnerable, but putting up a
> > firewall to block the IP might be a good idea. For my
> > own server I zone alarm pro, which will block IP trying
> > this exact type of exploit.
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message