[plug] web server questions

Ryan ryan at is.as.geeky.as
Sat Sep 20 12:16:00 WST 2003


On Sat, 2003-09-20 at 11:51, Jon Miller wrote:
> What I'm asking, is there a way to detect HTTP traffic and only allow traffic through that is accessing the virtual web sites on the webserver.  Two weeks ago I found out that spamming was done using HTTP traffic to disguise it's real intent and Matt discovered and fixed it.  Also what I'm asking is since it's possible to have a filtering list attached to a mail server (e.g check if the address is a know spam address)  to validate  that the sender is a known spammer, is there a similar filtering mechanism for HTTP, DNS and ICMP traffic.  Yes I know that some of the http, dns and ICMP traffic is legit, I want to filter out the illegitimate traffic.  Surely it's possible to do a similar filtering system.  Since the traffic that is being disguise as 
> Is this better handled by number of packets/sec in a firewall rule?
> IDS system only detects they do not act on this detection unless someone knows of one that does. If so, I would be interested in such a package.

http://www.ietf.org/rfc/rfc3514.txt

Help is always at hand :)

Ryan

_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list