This is a discussion on Re: [fw-wiz] preventing XSS and SQL injection? - Firewalls ; Again, it is reasonable approach when protecting server, but does not work at all when protecting client. At least the ruleset your refer to. On Thu, Jun 02, 2005 at 04:01:22PM -0400, J. Oquendo wrote: > > On Thu, 2 ...
Again, it is reasonable approach when protecting server, but does not work
at all when protecting client. At least the ruleset your refer to.
On Thu, Jun 02, 2005 at 04:01:22PM -0400, J. Oquendo wrote:
> On Thu, 2 Jun 2005, ArkanoiD wrote:
> > becuase it is too hard to convert history to a formal description. doing it
> > not smart enough will lead to necessarity of adding new patterns daily or
> > even hourly ;-)
> Too hard? Nonsense. If you say you have an assessment of normal patterns,
> a two week interval would should you enough you would need to go by to get
> some form of template going. Adding the remaining anomolies would be
> child's play. New patterns daily or even hourly? My guess is you would
> want to be more specific in your question. Is this web traffic only, does
> it include say VOIP traffic, messenger(s) traffic, DHCP traffic, tunnels.
> For httpd based injection I use mod_security, and I also use
> mod_dosevasive which work just fine. Need a sample mod_security conf you
> could see all the nifty little annoying rules I added to this machine:
> Good luck there are crapload. And you're on your own viewing redirected
> URL's... (You've been warned).
> mod_security for httpd works wonders. As for the firewall level, IDS
> level, I'm sure if you took the time you could get it working by taking a
> snapshot. Anything else sounds like an excuse to avoid going the obvious
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+
> J. Oquendo
> GPG Key ID 0x97B43D89
> To conquer the enemy without resorting to war is the most
> desirable. The highest form of generalship is to conquer
> the enemy by strategy." - Sun Tzu
> email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
firewall-wizards mailing list