I'm having a DoS attack on my Apache web server, which is also simultaneously our IMAP as well as POP3 server. I have checked with top; at some times of the day it gives more CPU consumption, and by uptime I came to know that the number of active users goes up from 3 to 4 (average) to 20 or more. After checking the httpd logs I came to know that someone is asking for *.exe files from different IPs. We have a consultant, but he says he doesn't have any solution for the time being; he says to stop and restart the httpd service when it happens. Do you have any comments? We have a dedicated connection and around 500+ email users. Please inform me if there are any monitoring tools for sendmail / DoS attack / Apache which can be monitored in real time. Thanks
Hiten.
__________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com
--- Hiten Desai linuxbrd@yahoo.com wrote:
I'm having a DoS attack on my Apache web server, which is also simultaneously our IMAP as well as email users please inform me if there are any monitoring tools for sendmail / DoS attack / Apache which can be monitored in real time
[snip] There are a whole list of tools available to safeguard and alert you in the event of predefined malicious events. Try the multitude of monitoring and IDS tools available... also you may want to write some new plugins for the available IDSes, to suit your cause... :d
Catch me off the list for other Off Topic info.
Trevor Warren
thanks
Hiten.
===== ( >- LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevorwarren@yahoo.com \ (/ | |_|_ \ Urgent ->9820349221@maxtouch.co.in / _|_| ___________________________________/
Sometime Today, Hiten Desai assembled some asciibets to say:
I'm having a DoS attack on my Apache web server
It is most likely someone who is infected with Nimda or a similar worm. Do a whois on the IPs, and contact the administrators. I've had a lot of success with this method alone.
which is also simultaneously having our IMAP as well as POP3 server have checked with top it some times of the
You probably shouldn't have all these on the same machine. pop3 and imap are insecure protocols (imap is more secure, but still crackable). You should ensure that they are at least not accessible via the net.
doesn't have any solution for the time being he says to stop and restart the httpd service when it happens
You can try blocking those IPs (through tcpd or ipchains), or blocking those specific request urls in apache. Check apache docs for this. It should be something like:
    # regex form of <Files>: matches any filename ending in .exe
    <Files ~ "\.exe$">
        deny from all
    </Files>
but check anyway
we are having dedicated connection and around 500+ email users please inform me if there are any monitoring tools for sendmail / DoS attack / Apache which can be monitored in
Search freshmeat.net. There are a few out there. Search in the log analyser category.
Philip
When I am mounting the CD drive, it is giving the error 'DriveReady SeekComplete Error'.
On Friday 28 December 2001 08:58, you wrote:
When I am mounting the CD drive, it is giving the error 'DriveReady SeekComplete Error'.
Is it a music CD? I am asking this because once, when I was not aware of the fact that music CDs cannot be mounted, I got the same error. Try some CD player software directly without mount, e.g. try 'ascd'.
regards.
- --
Pankaj Jangid National Centre for Software Technology
GnuPG Key : http://ashoka.ncst.ernet.in/~pankaj/gpg.txt
On Fri, 28 Dec 2001, ambarish pathak wrote:
I always thought IMAP was as insecure as POP3 is. Will you please elaborate? Thanks in advance.
IMAP allows authentication through either the LOGIN or AUTHENTICATE commands. The LOGIN command sends username and password as plaintext, while AUTHENTICATE provides a general mechanism for a variety of authentication techniques. (RFC2060)
Using AUTHENTICATE, I could for example use KERBEROS, GSSAPI or S/Key (RFC1731). S/Key does not provide protection, but the others do.
I guess it could be extended to add other authentication mechanisms too, since no additional commands need to be added to the protocol to support it.
Philip
--- Philip S Tellis philip.tellis@iname.com wrote:
On Fri, 28 Dec 2001, ambarish pathak wrote:
I always thought IMAP was as insecure as POP3 is. Will you please elaborate? Thanks in advance.
[snip] The protocol being secure itself may not be the case always. AFAIK, one can enhance the security provided by some of these protocols by incorporating 3rd party authentication mechanisms, as our dear lugger Philip has mentioned previously.
The situation as mentioned by you is still quite ambiguous and does not mention the potential source of the attacker. AFAIK, there is no way to avoid DoS, DDoS attacks unless all the networking equipment manufacturers in the world adhered to higher security policies... but again this is a very debatable issue that has spawned more than a few flame wars.
You can always use IDS systems to inform you about potential attacks on your network.
IMAP allows authentication through either the LOGIN or AUTHENTICATE commands. The LOGIN command sends username and password as plaintext, while AUTHENTICATE provides a general mechanism for a variety of authentication techniques. (RFC2060)
Trevor Warren
To protect Apache from Nimda, insert this in httpd.conf:

    <LocationMatch "\.ida|(root|cmd)\.exe">
        order allow,deny
        deny from all
    </LocationMatch>

lilo

----- Original Message -----
From: Hiten Desai linuxbrd@yahoo.com
To: linux user group linuxers@mm.ilug-bom.org.in
Sent: Thursday, December 27, 2001 10:39 PM
Subject: [ILUG-BOM] DOS attack
I'm having a DoS attack on my Apache web server, which is also simultaneously our IMAP as well as POP3 server. I have checked with top; at some times of the day it gives more CPU consumption, and by uptime I came to know that the number of active users goes up from 3 to 4 (average) to 20 or more. After checking the httpd logs I came to know that someone is asking for *.exe files from different IPs. We have a consultant, but he says he doesn't have any solution for the time being; he says to stop and restart the httpd service when it happens. Do you have any comments? We have a dedicated connection and around 500+ email users. Please inform me if there are any monitoring tools for sendmail / DoS attack / Apache which can be monitored in real time. Thanks
Hiten.
_______________________________________________ http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
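
Added example, not part of the original thread: a Python log check for the situation described in the first post, ranking source IPs by how many worm-style requests (.ida, root.exe, cmd.exe, other .exe) appear in an Apache access log, so that the whois lookups and blocks suggested in the replies start from a short list. It assumes Common Log Format and a site that serves no .exe files; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Signatures named in the thread (.ida, root.exe, cmd.exe, any *.exe); the dot is
# escaped and the match is tied to the end of the path so "/guidance" is not flagged.
PROBE = re.compile(r'\.(?:ida|exe)$', re.IGNORECASE)

def probe_report(lines, threshold=3):
    """Return (offenders, skipped): per-IP probe stats for IPs with >= threshold hits."""
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            skipped += 1          # malformed or non-CLF line: count it, never crash
            continue
        ip, ts, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]      # drop the query string before matching
        if not PROBE.search(path):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        s = stats[ip]
        s["hits"] += 1
        s["paths"].add(path)
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    offenders = [(ip, s) for ip, s in stats.items() if s["hits"] >= threshold]
    offenders.sort(key=lambda item: (-item[1]["hits"], item[0]))
    return offenders, skipped

# Constructed sample log (documentation-range IPs), not taken from the poster's server.
SAMPLE = """\
192.0.2.10 - - [27/Dec/2001:10:01:02 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [27/Dec/2001:10:01:03 +0530] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [27/Dec/2001:10:01:05 +0530] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [27/Dec/2001:10:02:00 +0530] "GET /default.ida?XXXX HTTP/1.0" 404 270
203.0.113.5 - - [27/Dec/2001:10:03:00 +0530] "GET /guidance HTTP/1.0" 200 5120
this line is not in common log format
""".splitlines()

if __name__ == "__main__":
    offenders, skipped = probe_report(SAMPLE)
    for ip, s in offenders:
        print(f"{ip} hits={s['hits']} paths={len(s['paths'])} "
              f"{s['first']:%H:%M:%S}-{s['last']:%H:%M:%S}")
    print("unparsed lines:", skipped)
```

Lowering `threshold` to 1 also lists single-hit sources such as the `.ida` request in the sample, which is useful when many infected hosts each probe only once.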