Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprinting Port 80 Attacks

Posted by CmdrTaco on from the keeping-it-real dept.

pg writes "I found an interesting article on www.cgisecurity.com that explains common fingerprints in web server, and web application attacks. It goes to describe how to detect most known, and unknown attacks. This may come in handy when trying to detect another internet worm."

2 of 147 comments (clear)

  1. Fingerprint Database by helleman · · Score: 5, Interesting

    I'd love to see a plugin for apache that allowed a central server fingerprint database for new exploits.

    Every hour or so, a web server could access a central fingerprint server and download what the latest exploits look like. If a exploit comes in, the server could deny that IP, or drop those accesses without needing to know what the particular exploit is. A self maintaining web server via the web.

    What do you think?

    1. Re:Fingerprint Database by Tenebrious1 · · Score: 5, Interesting

      And, unbeknownst to you and thousands of others, the site that maintains the list has been hacked, and you are downloading empty lists that allow every exploit.

      It's a good idea, but there's a problem when you create a central point of failure.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.