funsec mailing list archives

Re: covert crawlers: I wonder how "nobody" came up with this before?


From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Mon, 16 Jan 2006 08:34:39 -0500

On 1/15/06, Gary Funck <gary () intrepid com> wrote:
  The Senate website relies extensively
  on server logs for forensics, but Ball is no longer confident that
  approach will be helpful in the long run.

Would automated approaches such as connection throttling work better
for fending off "spider attacks", than manual inspection of logs?
The only requirement for forensics that I can think of, would be
to analyze a hack or compromise of some sort.

Or an even better question: How does reviewing a log prevent anything?
Seems to me it's too late at that point. I think they just use them for
finding out whose servers to confiscate after a breach, but now with
the (re)advent of this (old)new technology, they will just have to nab
all our servers... to be on the safe side (or the terrorists win).

It seems kinda far-fetched to think that someone who was gonna attack
the NSA, CIA, etc would crawl their site from a "legitimate" IP
(legitimate being one in which you could trace it back to the actual
person doing the cracking). I guess stranger things have happened, and
there are stupid criminals out there, but I don't think this is a big
forensic loss.

-JP
"Correct me if I am wrong."
-General B. Arnold

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

