Posted to users@httpd.apache.org by Steve Leach <sl...@askalix.com> on 2002/07/15 17:55:39 UTC

OT: Packet Sniffers <----> Apache Traffic

This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).

But first I need a (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent overexerting the DB servers).
 
Anyone else had such a need? Any tips? 
Thanks for any help.


Best Regards,

Steve Leach
Network Manager
MI International Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com




Re: OT: Packet Sniffers <----> Apache Traffic

Posted by Daniel Lopez <da...@rawbyte.com>.
On Mon, Jul 15, 2002 at 09:28:02AM -0700, Daniel Lopez wrote:
> 
> 
> > This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> > The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> > I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
> > 
> > But first I need a (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent overexerting the DB servers).
> >  
> > Anyone else had such a need? Any tips? 
> > Thanks for any help.
> 
> To limit the number of connections / downloads / etc. for abusive users,
> look at mod_throttle
> 
> Alternatively you can: 
> 
> a) For an end-user sniffer, use ethereal; you can take a look at the contents
> of the packets and find the common tag
> 
> b) Then I would use an IDS like snort to trigger firewall rules whenever a request that
> matches that common tag ('signature') is found
> 
> http://www.snert.com/Software/mod_throttle/
> http://www.ethereal.com
> http://www.snort.com

I meant snort.org 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: OT: Packet Sniffers <----> Apache Traffic

Posted by Daniel Lopez <da...@rawbyte.com>.

> This is slightly OT - but to be brief, we have servers that a few 'users' are attempting to mine data from.
> The problem is that they are coming from an ISP's gateway - ISP has not yet responded to requests to assist.
> I am trying to find a way to analyse the packets and get some other usable tag from the packet that we can filter (or write some kind of filter for).
> 
> But first I need a (Open Source/Linux if available) sniffer that can assist me in catching the packets (from a separate system if possible to prevent overexerting the DB servers).
>  
> Anyone else had such a need? Any tips? 
> Thanks for any help.

To limit the number of connections / downloads / etc. for abusive users,
look at mod_throttle

Alternatively you can: 

a) For an end-user sniffer, use ethereal; you can take a look at the contents
of the packets and find the common tag

b) Then I would use an IDS like snort to trigger firewall rules whenever a request that
matches that common tag ('signature') is found

http://www.snert.com/Software/mod_throttle/
http://www.ethereal.com
http://www.snort.com

Daniel

-- 
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
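
One way to do the "find the common tag" step from the reply above, as an added example that is not part of the original thread: given HTTP requests reassembled from a capture, it reports header values shared by the flagged requests but rare in ordinary traffic from the same gateway. All names, thresholds and sample requests are constructed assumptions.

```python
from collections import Counter

def parse_headers(raw):
    """Return the set of (name, value) header pairs in one raw HTTP request."""
    pairs = set()
    for line in raw.split("\r\n")[1:]:       # skip the request line
        if not line:                         # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep:                              # skip malformed lines with no colon
            pairs.add((name.strip().lower(), value.strip()))
    return pairs

def common_tags(suspect, baseline, min_share=0.9, max_baseline=0.1):
    """Header pairs present in most suspect requests and rare in baseline ones."""
    if not suspect:
        return []
    seen_s = Counter(p for r in suspect for p in parse_headers(r))
    seen_b = Counter(p for r in baseline for p in parse_headers(r))
    n_b = max(len(baseline), 1)
    return sorted(pair for pair, n in seen_s.items()
                  if n / len(suspect) >= min_share
                  and seen_b[pair] / n_b <= max_baseline)

def make_request(path, headers):
    """Build a raw request string (used only for the constructed samples)."""
    lines = ["GET %s HTTP/1.1" % path]
    lines += ["%s: %s" % item for item in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample data: requests reassembled from a capture, all arriving
# from the same gateway address. SUSPECT are the ones flagged as data mining.
SUSPECT = [make_request("/catalog?id=%d" % i,
                        {"Host": "www.example.com", "Accept": "*/*",
                         "User-Agent": "ExampleHarvester/0.1"})
           for i in range(5)]
BASELINE = [make_request("/", {"Host": "www.example.com", "Accept": "*/*",
                               "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0)"}),
            make_request("/about", {"Host": "www.example.com",
                                    "Accept-Language": "en-gb",
                                    "User-Agent": "Mozilla/5.0 (X11; Linux i686)"})]

if __name__ == "__main__":
    for name, value in common_tags(SUSPECT, BASELINE):
        print("candidate signature: %s: %s" % (name, value))
```

Headers that every client behind the gateway sends (Host, Accept) drop out because they also appear in the baseline; what remains is the candidate for the IDS signature in step b).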
