The following module was proposed for inclusion in the Module List:
modid: HTTPD::ADS
DSLIP: cdpOg
description: webserver abuse detection system
userid: DHUDES (Dana Hudes)
chapterid: 15 (World_Wide_Web_HTML_HTTP_CGI)
communities:
Original concept presented at Stevens Institute of Technology, where
I am a Ph.D student, for course project in Computer Network Security
class
similar:
Apache::BruteWatch has the germ of the idea but is tied to mod_perl
and doesn't do anything about its findings except send email to the
sysadmin
rationale:
Hackers are continually abusing web servers. Worms such as CodeRed,
brute force breakin scripts via anonymous proxies such as 'Hammer',
password sharing / trading and so on. Various 'abuse detection'
scripts exist here and there usually to detect password sharing.
'Intrusion Detection Systems' typically work at the IP packet level.
Its not just "pay sites" that are at risk. Medical data for drug
studies is now collected by pharmaceutical companies via web
interfaces that are password-protected.
when hackers try to break in a typical brute force attack is 5000
automated username/password attempts via each of 20-30 proxy
machines -- at the same time. This uses bandwidth on the network,
the disk subsystem to write useless log entries and of course cpu
and other computer resources (even electricity!).
This is the beginning of a tool intended to stop web-level breakin
attempts in their tracks and at the same time put the operator of
the network from which the attack originates on notice. Future
versions of this system are intended to share result with users of
this systems on other hosts -- in effect issuing a "shoot on sight"
order (i.e. block this host before it can attack you).
enteredby: DHUDES (Dana Hudes)
enteredon: Sun Oct 26 05:08:32 2003 GMT
The resulting entry would be:
HTTPD::
::ADS cdpOg webserver abuse detection system DHUDES
Thanks for registering,
--
The PAUSE
PS: The following links are only valid for module list maintainers:
Registration form with editing capabilities:
https://pause.perl.org/pause/authenquery?ACTION=add_mod&USERID=1f400000_14b5592163456ce2&SUBMIT_pause99_add_mod_preview=1
Immediate (one click) registration:
https://pause.perl.org/pause/authenquery?ACTION=add_mod&USERID=1f400000_14b5592163456ce2&SUBMIT_pause99_add_mod_insertit=1