Slashdot Mirror


Fingerprinting Port80 Attacks Part 2 Released

jimmi writes: "A couple of months ago cgisecurity.com released a paper called 'Fingerprinting Port80 Attacks.' Today they released Part 2, which is even bigger than the first. Part two can be found here. This paper deals with web application attacks and how to detect them, along with figuring out what the data means."

18 comments

  1. fp by Anonymous Coward · · Score: -1, Offtopic

    first post

  2. why not apply your fingerprint by dadaist · · Score: -1

    to this?

    --

    ~
    MU!
  3. Damn... by Anonymous Coward · · Score: -1, Offtopic

    I'll never be able to get a word in edgewise with all this discussion going on. What a stellar conversation catalyst.

    1. Re:Damn... by Anonymous Coward · · Score: -1, Offtopic

      Thank you for interrupting my thoughts. Bastard.

      Where was I?

      Oh yeah, Julia Roberts and a big tub of Jell-O...

      Now HERE is a gateway attack.

  4. See my vest by Anonymous Coward · · Score: -1, Offtopic

    See my vest, see my vest, made from real gorilla chest.

    1. Re:See my vest by Anonymous Coward · · Score: -1, Offtopic

      ...and my loafers, former gophers....

    2. Re:See my vest by Serial+Troller · · Score: -1

      It was that, or skin my chauffeurs,
      But a greyhound fur tuxedo would be best...

      --

      STOP ME BEFORE I POST AGAIN!

  5. Snort??? by arberya · · Score: 1

    Have these ideas been rolled into possible attack signatures in Snort, etc?? The last time I looked at the Snort sigs, they were very attack specific sigs and not generic "please avoid every request that has an *"

  6. Ad by quadong · · Score: -1, Offtopic

    Wow, that ad is really annoying. And the text doesn't even wrap around it properly... I hope this is just a test run...

    1. Re:Ad by Serial+Troller · · Score: -1

      What ad? All I see is whitespace and this mysterious little red [X]...

      --

      STOP ME BEFORE I POST AGAIN!

    2. Re:Ad by Anonymous Coward · · Score: -1, Offtopic

      Did you like Slashdot better without all of the out-of-place ads, or perhaps with no ads at all? Now you can get it for free and save yourself $5 a month. This is truly a great testament to the spirit of hacking! Check this out!

  7. HTML version of the article by selan · · Score: 3, Informative

    ...is here.

  8. Interesting... by Anonymous Coward · · Score: 2, Informative

    Fingerprinting is a fertile area of research. For example, I wrote a program that sits between port 25 and an SMTP server; it uses nmap-like fingerprinting techniques to detect known spam distribution programs. Since I implemented this, the total amount of spam on my network decreased by 150% and we expect a lower total cost of ownership to result as well. I think fingerprinting is the future for security; imagine only letting certified programs access your network, thus stopping 'cracking' and 'sniffing' tools dead in their tracks. This is exactly what open source is all about, and commercial software can't give you: innovation.

    1. Re:Interesting... by Anonymous Coward · · Score: 0

      your total amount of spam decreased 150%? it's now rejecting spam before it's even sent?

    2. Re:Interesting... by paulsomm · · Score: 2, Insightful

      nice comment, except for the lame open source plug at the end. anyone can innovate, open or closed.

    3. Re:Interesting... by Anonymous Coward · · Score: 0

      You say your spam "decreased by 150%". So that means spam is sucked out of your network and back onto the net?

      You can't decrease something by 150% - you can only indicate your inability with math by statements such as you made.

      If your code is as well written as your math skills would indicate, I'm very glad there was no posting of the source. Please send it to Bill G; you'll probably get a job offer.

    4. Re:Interesting... by Anonymous Coward · · Score: 0

      Nice, so now you open yourself up as a spam relay with no ability for the smtp server to validate the peer connection address. You would have been better off rewriting some of the MX rules in your sendmail.cf to accomplish this.

  9. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion