ricardo dominguez on Thu, 11 Apr 2002 07:46:23 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> WEF attack and homework |
Any helpful hints for this poor "intrursion and dection" student? r ----- Original Message ----- From: "Julien Delfosse" <delfosse@student.fsa.ucl.ac.be> To: <rdom@thing.net> Sent: Wednesday, April 10, 2002 10:21 AM Subject: WEF attack > Hi, > > I'm currently following a course about intrusion > detection and security with Marc Dacier. > > I had to study your attack against WEF, which is > quite easy to understand, but the second part > seems more difficult to me : I have to detect this > attack (possibly before it's too late) and block > it if possible. We're supposed to use snort as > firewall, but imho it's impossible to detect the > attack without a statefull firewall (all HTTP > requests are valid, without stats about traffic > it's imposiible to do anything) > > Do you have an idea of what I could do with snort > ? > > Thanks in advance. > > Julien Delfosse # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net