Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprinting Port 80 Attacks

Posted by CmdrTaco on Monday November 5, 2001 @09:49AM from the keeping-it-real dept.

pg writes "I found an interesting article on www.cgisecurity.com that explains common fingerprints in web server, and web application attacks. It goes to describe how to detect most known, and unknown attacks. This may come in handy when trying to detect another internet worm."

2 of 147 comments (clear)

Min score:

Reason:

Sort:

One thing missed by 13013dobbs · 2001-11-05 09:55 · Score: 5, Insightful

formmail script exploits. Due to post 25 blocking, spammers are looking for exploitable formmail scripts to send their spam through. I guess the author just wanted to talk about root exploits, but there are other ways to abuse a web server.

--
No replies made to AC posts. Please log in.
Re:Fingerprint Database by b1t+r0t · 2001-11-05 10:50 · Score: 3, Insightful

I'd love to see a plugin for apache that allowed a central server fingerprint database for new exploits.

Then we could couple it with my favorite idea for an Apache module: mod_labrea. This way any 'undesirable' HTTP exploit could be given a reverse DoS by keeping the connections alive and stalled for as long as possible.

--

--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft