The following module was proposed for inclusion in the Module List:

  modid:       HTTPD::ADS
  DSLIP:       cdpOg
  description: webserver abuse detection system
  userid:      DHUDES (Dana Hudes)
  chapterid:   15 (World_Wide_Web_HTML_HTTP_CGI)
  communities:
    Original concept presented at Stevens Institute of Technology, where
    I am a Ph.D student, for course project in Computer Network Security
    class

  similar:
    Apache::BruteWatch has the germ of the idea but is tied to mod_perl
    and doesn't do anything about its findings except send email to the
    sysadmin

  rationale:

    Hackers are continually abusing web servers. Worms such as CodeRed,
    brute force breakin scripts via anonymous proxies such as 'Hammer',
    password sharing / trading and so on. Various 'abuse detection'
    scripts exist here and there usually to detect password sharing.
    'Intrusion Detection Systems' typically work at the IP packet level.
    Its not just "pay sites" that are at risk. Medical data for drug
    studies is now collected by pharmaceutical companies via web
    interfaces that are password-protected.

    when hackers try to break in a typical brute force attack is 5000
    automated username/password attempts via each of 20-30 proxy
    machines -- at the same time. This uses bandwidth on the network,
    the disk subsystem to write useless log entries and of course cpu
    and other computer resources (even electricity!).

    This is the beginning of a tool intended to stop web-level breakin
    attempts in their tracks and at the same time put the operator of
    the network from which the attack originates on notice. Future
    versions of this system are intended to share result with users of
    this systems on other hosts -- in effect issuing a "shoot on sight"
    order (i.e. block this host before it can attack you).

  enteredby:   DHUDES (Dana Hudes)
  enteredon:   Sun Oct 26 05:08:32 2003 GMT

The resulting entry would be:

HTTPD::
::ADS             cdpOg webserver abuse detection system             DHUDES


Thanks for registering,
-- 
The PAUSE

PS: The following links are only valid for module list maintainers:

Registration form with editing capabilities:
  
https://pause.perl.org/pause/authenquery?ACTION=add_mod&USERID=1f400000_14b5592163456ce2&SUBMIT_pause99_add_mod_preview=1
Immediate (one click) registration:
  
https://pause.perl.org/pause/authenquery?ACTION=add_mod&USERID=1f400000_14b5592163456ce2&SUBMIT_pause99_add_mod_insertit=1

Reply via email to