tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Sun, 14 Apr 2013 23:03:16 GMT
Pid,

On 4/12/13 1:54 PM, Pïd stèr wrote:
> On 11 Apr 2013, at 21:36, Christopher Schultz 
> <chris@christopherschultz.net> wrote:
>> [...] though I would run Apache httpd and Tomcat on different
>> hosts, so localhost-binding is not possible unless you are doing
>> something like stunnel (which also might be a good idea if you
>> are traversing an untrusted network).
> 
> Respectfully, I have to disagree. Unless the Apache HTTPD is
> loaded with IDS that can sniff the inbound traffic, you've not
> achieved much, and now you have two boxes that have to be
> maintained, secured & patched. HTTPD != firewall.

While httpd != firewall, it's traditional to allow external access to
your web server but not your app servers (databases, etc.). That means
that external threats can only directly attack the web server.
Obviously, suffering a web server break-in sucks, but at least the
attacker then needs to break into the application server after that.
If it's a one-box wonder, you've been owned in one fell swoop.

Also, running a heterogeneous environment can thwart attackers who
have some kind of zero-day that got them into the web server (e.g.
running httpd on Linux). Then they try the app server and surprise!
It's NetBSD and they have to stop and find another attack to proceed.

-chris
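The thread's point about localhost-binding can be turned into a concrete check. The following script is an added example, not code from the thread or from the Tomcat project: it parses a constructed Tomcat `server.xml`, reports every `Connector` that would accept connections from other hosts, and produces a copy with each such connector bound to `127.0.0.1`. It relies on the real `address` attribute of Tomcat's `Connector` element (absent means "listen on all interfaces"); the sample XML and the `exposed_connectors` / `bind_to_loopback` names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a default-style server.xml with an HTTP connector
# listening on every interface (weak), plus an AJP connector that is already
# bound to the loopback address.
WEAK_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Addresses that keep a connector reachable only from the same host.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def exposed_connectors(server_xml: str):
    """Return (port, protocol, address) for every Connector that is not
    bound to a loopback address and would therefore answer requests such as
    the /manager/html probes seen in the access log from any host."""
    root = ET.fromstring(server_xml)
    exposed = []
    for conn in root.iter("Connector"):
        addr = conn.get("address")  # no address attribute = all interfaces
        if addr is None or addr.strip() not in LOOPBACK:
            exposed.append((conn.get("port"), conn.get("protocol", "HTTP/1.1"), addr))
    return exposed


def bind_to_loopback(server_xml: str) -> str:
    """Return a copy of server.xml in which every exposed Connector is given
    address="127.0.0.1", so only a reverse proxy on the same box (httpd, or
    an stunnel endpoint as the thread suggests) can reach Tomcat."""
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if (conn.get("address") or "").strip() not in LOOPBACK:
            conn.set("address", "127.0.0.1")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for port, proto, addr in exposed_connectors(WEAK_SERVER_XML):
        print(f"exposed: port={port} protocol={proto} address={addr}")
    print(bind_to_loopback(WEAK_SERVER_XML))
```

Binding the connector only helps when Tomcat and the proxy share a host; in the split-host layout Chris describes, the equivalent control is a firewall rule that admits the Tomcat port only from the web server's address.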
