IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Seth Hall <hall.692 () osu edu>
Date: Fri, 20 Mar 2009 14:47:09 -0400
On Mar 19, 2009, at 5:14 PM, Damiano Bolzoni wrote:
> Once I obfuscate some details, I can provide you the traces. We have also been trying to understand why somebody would do such a stupid "attack" (as also Stefano pointed out, it's only to consume resources, whatever they are). As I said, few requests per second do not affect the web server performance, but looking at the number of hosts involved, it's clear the attacker can easily raise the bar.

This is an issue that I've considered approaching because we will occasionally see these sorts of attacks on web servers on our network. They should be detectable more generically by building an average of the Content-Length header values for an address/port pair and watching for when that value begins to sway upwards.
Thanks for bringing up the subject, I've been looking for HTTP DoS attack vectors to monitor for and this has brought up several ideas that I can implement.
.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
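One way to implement the Content-Length averaging described in the message above, as an added example that is not Seth Hall's code or part of the original post. It assumes the address/port pair is the server side; the two moving-average weights, the 3x ratio, the warm-up count and the sample traffic are all constructed for illustration.

```python
# Added example: per-server Content-Length drift detector (not from the original post).
# Assumptions: the "address/port pair" is the server side; weights, ratio and
# warm-up are illustrative defaults, not tuned thresholds.

class ContentLengthDrift:
    def __init__(self, slow=0.02, fast=0.3, ratio=3.0, warmup=20):
        self.slow, self.fast, self.ratio, self.warmup = slow, fast, ratio, warmup
        self.state = {}  # (addr, port) -> [baseline_avg, recent_avg, samples_seen]

    def observe(self, addr, port, content_length):
        """Feed one request's Content-Length; return True when the recent
        average has swayed above ratio * baseline for this address/port pair."""
        key = (addr, port)
        if key not in self.state:
            self.state[key] = [float(content_length), float(content_length), 1]
            return False
        s = self.state[key]
        s[1] += self.fast * (content_length - s[1])  # recent average reacts quickly
        s[2] += 1
        alert = s[2] > self.warmup and s[1] > self.ratio * s[0]
        if not alert:
            # Learn only from traffic that looks normal, so a sustained flood
            # cannot drag the baseline upwards and silence itself.
            s[0] += self.slow * (content_length - s[0])
        return alert


def first_alerts(events):
    """Return {(addr, port): request_number} for the first alert on each pair."""
    det, seen, out = ContentLengthDrift(), {}, {}
    for addr, port, clen in events:
        key = (addr, port)
        seen[key] = seen.get(key, 0) + 1
        if det.observe(addr, port, clen) and key not in out:
            out[key] = seen[key]
    return out


# Constructed sample traffic (documentation addresses): one server with small
# request bodies that suddenly grow, one server with steady 5000-byte bodies.
SAMPLE = []
for i in range(60):
    SAMPLE.append(("192.0.2.10", 80, 200 + (i * 37) % 200))
    SAMPLE.append(("192.0.2.20", 8080, 5000))
SAMPLE += [("192.0.2.10", 80, 1_000_000)] * 15

if __name__ == "__main__":
    print(first_alerts(SAMPLE))
```

Because the baseline is frozen while an alert is active, a legitimate permanent change in body sizes keeps alerting until the state for that pair is reset. Requests sent without a Content-Length header are outside what this tracks.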