Posted to users@httpd.apache.org by Steve Leach <sl...@askalix.com> on 2002/07/15 17:55:39 UTC
OT: Packet Sniffers <----> Apache Traffic
This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
But first I need an (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent over exerting the DB servers).
Anyone else had such a need? Any tips?
Thanks for any help.
Best Regards,
Steve Leach
Network Manager
MI International Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
Re: OT: Packet Sniffers <----> Apache Traffic
Posted by Daniel Lopez <da...@rawbyte.com>.
On Mon, Jul 15, 2002 at 09:28:02AM -0700, Daniel Lopez wrote:
>
>
> > This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> > The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> > I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
> >
> > But first I need an (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent over exerting the DB servers).
> >
> > Anyone else had such a need? Any tips?
> > Thanks for any help.
>
> To limit the number of connections / downloads / etc. for abusive users,
> look at mod_throttle
>
> Alternatively you can:
>
> a) For an end-user sniffer, use ethereal; you can take a look at the contents
> of the packets and find the common tag
>
> b) Then I would use an IDS like snort to trigger firewall rules whenever a request that
> matches that common tag ('signature') is found
>
> http://www.snert.com/Software/mod_throttle/
> http://www.ethereal.com
> http://www.snort.com
I meant snort.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: OT: Packet Sniffers <----> Apache Traffic
Posted by Daniel Lopez <da...@rawbyte.com>.
> This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
>
> But first I need an (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent over exerting the DB servers).
>
> Anyone else had such a need? Any tips?
> Thanks for any help.
To limit the number of connections / downloads / etc. for abusive users,
look at mod_throttle
Alternatively you can:
a) For an end-user sniffer, use ethereal; you can take a look at the contents
of the packets and find the common tag
b) Then I would use an IDS like snort to trigger firewall rules whenever a request that
matches that common tag ('signature') is found
http://www.snert.com/Software/mod_throttle/
http://www.ethereal.com
http://www.snort.com
Daniel
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
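Added example, not part of the original thread: one way to do the "find the common tag" step once requests from the shared gateway have been captured and labelled by hand. All requests, host names and function names below are constructed for illustration; the output is the set of fields that appear in every abusive request and in no legitimate one, which are the candidates for a signature.

```python
# Added example: constructed data, hypothetical names throughout.

def build(path, version, headers):
    """Build a raw HTTP request string for the constructed sample set."""
    head = "".join(f"{k}: {v}\r\n" for k, v in headers)
    return f"GET {path} {version}\r\n{head}\r\n"

MSIE55 = ("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.5)")
MSIE60 = ("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0)")
HOST = ("Host", "shop.example")
ACCEPT = ("Accept", "*/*")
LANG = ("Accept-Language", "en-gb")

# (abusive?, raw request) pairs, all from the same gateway IP. Constructed.
CAPTURED = [
    (True, build("/catalog?id=101", "HTTP/1.0", [HOST, MSIE55, ACCEPT])),
    (True, build("/catalog?id=102", "HTTP/1.0", [HOST, MSIE55, ACCEPT])),
    (True, build("/catalog?id=103", "HTTP/1.0", [HOST, MSIE55, ACCEPT])),
    (False, build("/index.html", "HTTP/1.1", [HOST, MSIE55, ACCEPT, LANG])),
    (False, build("/catalog?id=7", "HTTP/1.1", [HOST, MSIE60, ACCEPT, LANG])),
]

def parse_request(raw):
    """Split a raw HTTP request into comparable fields."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, _path, version = lines[0].split(" ", 2)
    fields = {"method": method, "version": version}
    names = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        names.append(name.strip().lower())
        fields[names[-1]] = value.strip()
    # Header order (and so any missing header) can be as telling as a value.
    fields["header-order"] = ",".join(names)
    return fields

def candidate_tags(samples):
    """Fields present in every abusive request and in no legitimate one."""
    abusive = [parse_request(r) for bad, r in samples if bad]
    normal = [parse_request(r) for bad, r in samples if not bad]
    if not abusive:
        return []
    return [(k, v) for k, v in sorted(abusive[0].items())
            if all(f.get(k) == v for f in abusive)
            and not any(f.get(k) == v for f in normal)]

if __name__ == "__main__":
    for field, value in candidate_tags(CAPTURED):
        print(f"{field}: {value}")
```

In this constructed set the User-Agent is useless as a tag because a legitimate browser behind the same gateway sends the same string; the protocol version and the header order are what separate the two groups.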