[plug] web server questions
Ryan
ryan at is.as.geeky.as
Sat Sep 20 12:16:00 WST 2003
On Sat, 2003-09-20 at 11:51, Jon Miller wrote:
> What I'm asking, is there a way to detect HTTP traffic and only allow traffic through that is accessing the virtual web sites on the webserver. Two weeks ago I found out that spamming was done using HTTP traffic to disguise it's real intent and Matt discovered and fixed it. Also what I'm asking is since it's possible to have a filtering list attached to a mail server (e.g check if the address is a know spam address) to validate that the sender is a known spammer, is there a similar filtering mechanism for HTTP, DNS and ICMP traffic. Yes I know that some of the http, dns and ICMP traffic is legit, I want to filter out the illegitimate traffic. Surely it's possible to do a similar filtering system. Since the traffic that is being disguise as
> Is this better handled by number of packets/sec in a firewall rule?
> IDS system only detects they do not act on this detection unless someone knows of one that does. If so, I would be interested in such a package.
http://www.ietf.org/rfc/rfc3514.txt
Help is always at hand :)
Ryan
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list