WebApp Sec mailing list archives
Re: fail2ban
From: primehaxor <primehaxor () gmail com>
Date: Tue, 26 Oct 2010 09:23:00 -0200
Slowloris is a little complicated to mitigate, because it simulate a real conection. I've used some rules on iptables based on packet count/seconds if the access activate the rule it will be about 5 seconds blocked.... But first you need to have some ideia about the real traffic and users access from proxy. Blocking this attack using -j reject isnt a good solve, because you use some bandwidth generating the bad response, -j drop works fine. On Tue, 2010-10-26 at 09:09 +0100, Ryan Dewhurst wrote:
Maybe they are using slowloris? http://ha.ckers.org/slowloris/ Ryan Dewhurst My blog: http://www.ethicalhack3r.co.uk My project: http://www.dvwa.co.uk My Twitter: http://www.twitter.com/ethicalhack3r On 26 October 2010 02:51, Adrian J Milanoski <amilanoski () gmail com> wrote:Check out sshbalck. I know it's for ssh BUT changing the log file for it look at and the strings it's looking for makes it a very effective little perl script. Thanks, Adrian _________________ Sent from my iPhone On 2010-10-21, at 11:40 AM, Kai Witzke <security () gaark de> wrote:Hey everybody! I have some serious problems with flooding attacks to my apache2. No problems with logins oder syn floods, just a huge amount of simple requests to my server from the same ip. Anyone got a nice howto on that or maybe a nice regex prepared for counting such requests and blocking the greedy ones? thanks in advance Kai This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now!http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- fail2ban Kai Witzke (Oct 25)
- Re: fail2ban Adrian J Milanoski (Oct 25)
- Re: fail2ban Ryan Dewhurst (Oct 26)
- Re: fail2ban primehaxor (Oct 26)
- Re: fail2ban Ryan Dewhurst (Oct 26)
- Re: fail2ban Jamuse (Oct 26)
- Re: fail2ban Rafel Ivgi (Oct 26)
- Re: fail2ban Dale Stirling (Oct 26)
- RE: fail2ban Perry B. Whelan (Oct 26)
- Re: fail2ban robert (Oct 28)
- Re: fail2ban Adrian J Milanoski (Oct 28)
- <Possible follow-ups>
- Re: fail2ban Alexandro Silva (Oct 31)
- Re: fail2ban Adrian J Milanoski (Oct 25)