IDS mailing list archives
RE: Snort rules to detect malformed http scanning
From: "Ofer Shezaf" <OferS () Breach com>
Date: Sun, 29 Oct 2006 08:12:24 -0500
I think that to protect a web server, especially regarding any deviation of from the HTTP protocol, you may get more from a dedicated web intrusion detection system such as ModSecurity (www.modsecurity.org). We have recently released a new core rule set for ModSecurity that addresses such as malformed URIs and HTTP requests. ~ Ofer Shezaf www.modsecurity.org www.breach.com
-----Original Message----- From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of pathik () zimbio com Sent: Friday, October 27, 2006 2:02 AM To: focus-ids () securityfocus com Subject: Snort rules to detect malformed http scanning I would liek to add rule to my snort database which can block scanning
of
malformed urls. We are runnning our website in CGI which eventually generated mix of
java
script based HTml code. Few days back we are experiencing traffic from scanners and bots which scans our website for PHP files,which we don't have. I would like to block IP addresses of this types of scan genration.
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig n=
intro_sfw to learn more.
------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Snort rules to detect malformed http scanning pathik (Oct 27)
- <Possible follow-ups>
- RE: Snort rules to detect malformed http scanning Ofer Shezaf (Oct 30)
- Message not available
- Re: Snort rules to detect malformed http scanning Justin Heath (Oct 30)
- Message not available