Firewall Wizards mailing list archives

Re: preventing XSS and SQL injection?


From: ArkanoiD <ark () eltex net>
Date: Fri, 3 Jun 2005 00:02:31 +0400

Again, it is a reasonable approach when protecting a server, but does not work
at all when protecting a client. At least the ruleset you refer to.

On Thu, Jun 02, 2005 at 04:01:22PM -0400, J. Oquendo wrote:

On Thu, 2 Jun 2005, ArkanoiD wrote:

because it is too hard to convert history to a formal description. Doing it
not smart enough will lead to the necessity of adding new patterns daily or
even hourly ;-)

Too hard? Nonsense. If you say you have an assessment of normal patterns,
a two-week interval should show you enough of what you would need to go by to get
some form of template going. Adding the remaining anomalies would be
child's play. New patterns daily or even hourly? My guess is you would
want to be more specific in your question. Is this web traffic only, does
it include, say, VOIP traffic, messenger(s) traffic, DHCP traffic, tunnels?

For httpd-based injection I use mod_security, and I also use
mod_dosevasive, which work just fine. Need a sample mod_security conf? You
could see all the nifty little annoying rules I added to this machine:

www.infiltrated.net/modsecrules

Good luck, there are a crapload. And you're on your own viewing redirected
URLs... (You've been warned).

mod_security for httpd works wonders. As for the firewall level, IDS
level, I'm sure if you took the time you could get it working by taking a
snapshot. Anything else sounds like an excuse to avoid going the obvious
route.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

"To conquer the enemy without resorting to war is the most
desirable. The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu
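An added illustration of the kind of setup the post describes: a minimal ModSecurity 1.x configuration for httpd with a few injection signatures, an exception for one application path, and mod_dosevasive throttling. This is example configuration written for this archive page, not the rules published at www.infiltrated.net/modsecrules and not the poster's own. The directive names are the ModSecurity 1.x and mod_dosevasive ones in use in 2005; the log paths, the 403 status, the rule id 1001, the /search exception and every numeric threshold are assumed values to adjust per site.

```apache
# Added example configuration (not the infiltrated.net rules). Assumes ModSecurity 1.x
# on Apache 2.0 and mod_dosevasive; paths, status codes, ids and thresholds are placeholders.
<IfModule mod_security.c>
    SecFilterEngine On
    # Inspect POST bodies, not just the query string.
    SecFilterScanPOST On
    # Reject malformed URL encoding and limit raw request bytes to printable ASCII,
    # so encoded variants are normalised before any signature is applied.
    SecFilterCheckURLEncoding On
    SecFilterCheckUnicodeEncoding Off
    SecFilterForceByteRange 32 126
    # Write an audit record only for requests that triggered a rule.
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    # What a matching rule does unless it says otherwise.
    SecFilterDefaultAction "deny,log,status:403"

    # Only accept the form encodings the application actually uses for POST.
    SecFilterSelective REQUEST_METHOD "^POST$" chain
    SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

    # Script-injection (XSS) signatures in any argument name or value.
    # (?i) is the PCRE inline flag for case-insensitive matching.
    SecFilterSelective ARGS "(?i)<[[:space:]]*script"
    SecFilterSelective ARGS "(?i)javascript:"

    # SQL-injection signatures. The first carries an id so it can be removed per-location.
    SecFilterSelective ARGS "(?i)union[[:space:]]+select" "id:1001"
    SecFilterSelective ARGS "(?i)(insert[[:space:]]+into|delete[[:space:]]+from|drop[[:space:]]+table)"

    # Directory traversal in the request URI.
    SecFilterSelective REQUEST_URI "\.\./"

    # Per-application exception (assumed path): the search form legitimately accepts
    # free text, so rule 1001 is lifted there instead of being retuned site-wide.
    <Location /search>
        SecFilterRemove 1001
    </Location>
</IfModule>

# Request-rate throttling per client, as mod_dosevasive provides it (Apache 2.0 module name).
<IfModule mod_dosevasive20.c>
    DOSHashTableSize 3097
    # More than 5 requests for the same page, or 100 for the site, within 1 second
    # gets the client a 403 for the next 60 seconds (values are placeholders).
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSLogDir /var/log/mod_dosevasive
</IfModule>
```

The signature rules are the part that drifts the way the thread argues about: each one trades false negatives for false positives, and the `<Location>` exception shows the usual way that cost is paid, per application path rather than by loosening the signature for every request. Audit logs in `RelevantOnly` mode are what you review to decide which way to tune.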


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

