RE: Security - Attack

2002-06-13 Thread Cato, Christopher
gt; Subject: Re: Security - Attack > > > Hi all, > > thanks for your help. What do you suggest me to do? > > Whe you say :"So it makes some sense to change the configuration > for apache", what do you mean? > > Laura > > > > - Origi

Re: Security - Attack

2002-06-13 Thread peter lin
Everyone has their preference, but the reason I do it is because of maintenance. I can think of other reasons why a person may want to filter the traffic. 1. keep weblog clean 2. reduce bandwidth usage There are lots of ways to filter out the stuff for weblog analysis, so writing a filter isn't

Re: Security - Attack

2002-06-13 Thread Laura
List" <[EMAIL PROTECTED]> Sent: Thursday, June 13, 2002 3:22 PM Subject: AW: Security - Attack I wouldn't say that they do no harm: - They mess up your statistics If you don't change your configuration it's not possible to distinguish the 404 from the viruses from others

AW: Security - Attack

2002-06-13 Thread Ralph Einfeldt
Nachricht- > Von: Tim Funk [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 13. Juni 2002 15:04 > An: Tomcat Users List > Betreff: Re: Security - Attack > > > Warning: this may start flame war - but its my opinion. > > What is the purpose of detecting and trying to pre

RE: Security - Attack

2002-06-13 Thread Jim Urban
in error please notify the sender of the delivery error by e-mail or call Park City Solutions Inc. corporate offices at (435) 654-0621 -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 8:04 AM To: Tomcat Users List Subject: Re: Security - Attack Wa

RE: Security - Attack

2002-06-13 Thread Mike Millson
what better place to redirect them to than M$? Mike -Original Message- From: Cato, Christopher [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 9:11 AM To: 'Tomcat Users List' Subject: RE: Security - Attack a simple purpose - since it's my home machine, i did it j

RE: Security - Attack

2002-06-13 Thread Cato, Christopher
r - a bored guy. > -Original Message- > From: Tim Funk [mailto:[EMAIL PROTECTED]] > Sent: den 13 juni 2002 15:04 > To: Tomcat Users List > Subject: Re: Security - Attack > > > Warning: this may start flame war - but its my opinion. > > What is the pur

RE: Security - Attack

2002-06-13 Thread andre . powroznik
im Funk [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 15:04 To: Tomcat Users List Subject: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error

Re: Security - Attack

2002-06-13 Thread Tim Funk
Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does "no harm". When

Re: AW: Security - Attack

2002-06-13 Thread peter lin
lin [mailto:[EMAIL PROTECTED]] > > Gesendet: Donnerstag, 13. Juni 2002 14:32 > > An: Tomcat Users List > > Betreff: Re: Security - Attack > > > > apache and tomcat aren't vulnerable, but putting up a > > firewall to block the IP might be a good idea. For my

RE: Security - Attack

2002-06-13 Thread Jim Urban
omcat Users List' Subject: RE: Security - Attack You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :) &g

AW: Security - Attack

2002-06-13 Thread Ralph Einfeldt
ble to dos attack. As it is possible to fake IP adresses an attacker can disable the acces to your site for a ig amount of people > -Ursprüngliche Nachricht- > Von: peter lin [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 13. Juni 2002 14:32 > An: Tomcat Users List &

AW: Security - Attack

2002-06-13 Thread Ralph Einfeldt
mcat Users List > Betreff: RE: Security - Attack > > For my part I chose not to answer at all this kind of > requests and shut down the socket connexion. > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Security - Attack

2002-06-13 Thread peter lin
apache and tomcat aren't vulnerable, but putting up a firewall to block the IP might be a good idea. For my own server I zone alarm pro, which will block IP trying this exact type of exploit. peter Laura wrote: > > Hi all, > > well I have, in my opinion, a very interesting question. > > Las

RE: Security - Attack

2002-06-13 Thread Jean Christophe Rousseau
> > I prefer to to answer with a 400/403/406 (still will be logged) > > or 204 (No log entry). For my part I chose not to answer at all this kind of requests and shut down the socket connexion. (I had this problem while testing a home made web server). Christophe -- To unsubscribe, e-mail:

RE: Security - Attack

2002-06-13 Thread Cato, Christopher
To: Tomcat Users List > Subject: AW: Security - Attack > > > I have doubts that the viruses will follow the redirect. > > I prefer to to answer with a 400/403/406 (still will be logged) > or 204 (No log entry). > > I also have doubts that this is legal, so be carefull

AW: Security - Attack

2002-06-13 Thread Ralph Einfeldt
[EMAIL PROTECTED]] > Gesendet: Donnerstag, 13. Juni 2002 13:38 > An: 'Tomcat Users List' > Betreff: RE: Security - Attack > > > You should do what I did. For Code Red and similar exploits, > create a bunch of mod_rewrite filters (in httpd.conf - for Apache) &

RE: Security - Attack

2002-06-13 Thread Cato, Christopher
art Stephen [mailto:[EMAIL PROTECTED]] > Sent: den 13 juni 2002 10:43 > To: Tomcat Users List > Subject: RE: Security - Attack > > > I think they are code red attacks. These shouldn't be > anything to worry > about on a Tomcat server if I am correct in my thinking. They

Re: Security - Attack

2002-06-13 Thread David Cassidy
o worry >about on a Tomcat server if I am correct in my thinking. They only affect >IIS. > >-Original Message- >From: Laura [mailto:[EMAIL PROTECTED]] >Sent: 13 June 2002 09:35 >To: Tomcat Users List >Subject: Security - Attack > > >Hi all, > >well I have

RE: Security - Attack

2002-06-13 Thread Stuart Stephen
I think they are code red attacks. These shouldn't be anything to worry about on a Tomcat server if I am correct in my thinking. They only affect IIS. -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 09:35 To: Tomcat Users List Subject: Security - Attack

Security - Attack

2002-06-13 Thread Laura
Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in