From: Christopher Schultz
Date: Sun, 14 Apr 2013 19:03:16 -0400
To: Tomcat Users List
Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

Pid,

On 4/12/13 1:54 PM, Pïd stèr wrote:
> On 11 Apr 2013, at 21:36, Christopher Schultz wrote:
>> [...] though I would run Apache httpd and Tomcat on different
>> hosts, so localhost-binding is not possible unless you are doing
>> something like stunnel (which also might be a good idea if you
>> are traversing an untrusted network).
>
> Respectfully, I have to disagree. Unless the Apache HTTPD is
> loaded with IDS that can sniff the inbound traffic, you've not
> achieved much, and now you have two boxes that have to be
> maintained, secured & patched. HTTPD != firewall.

While httpd != firewall, it's traditional to allow external access to
your web server but not your app servers (databases, etc.). That means
that external threats can only directly attack the web server.
Obviously, suffering a web server break-in sucks, but at least the
attacker then needs to break into the application server after that.
If it's a one-box wonder, you've been owned in one fell swoop.

Also, running a heterogeneous environment can thwart attackers who
have some kind of zero-day that got them into the web server (e.g.
running httpd on Linux). Then they try the app server and surprise!
It's NetBSD and they have to stop and find another attack to proceed.

-chris
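
One way to express the two-tier layout argued for in this message on the Tomcat side, as an added example that is not part of the original post. It is a fragment of the app-tier server.xml; the addresses are constructed, and it assumes httpd proxies to Tomcat over plain HTTP, so the peer address Tomcat sees is the httpd host.

```xml
<!-- Added example: fragment of server.xml on the app-tier host.
     Constructed addresses: 10.0.1.10 is the httpd host,
     10.0.1.20 is this Tomcat host's internal interface. -->

<!-- Weak form, kept commented out for comparison: with no address
     attribute the connector listens on every interface, so any host
     that can route to this box can talk to Tomcat directly. -->
<!--
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
-->

<Service name="Catalina">

  <!-- Hardened form: listen only on the internal interface that
       faces the web tier. -->
  <Connector port="8080" protocol="HTTP/1.1"
             address="10.0.1.20"
             connectionTimeout="20000"
             redirectPort="8443" />

  <Engine name="Catalina" defaultHost="localhost">

    <!-- Second check inside Tomcat: reject any request whose peer
         address is not the httpd host. The allow attribute is a
         regular expression matched against the whole address. -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="10\.0\.1\.10" />

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="false" />
  </Engine>
</Service>
```

The valve filters on the connection's peer address only when the connector is HTTP; over AJP, Tomcat reports the original client's address instead, so there the same restriction belongs in the host firewall.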