On Wed, Jul 21, 2010 at 7:14 AM, Aaron Freemanaaron.free...@layerz.com
wrote:
Just wondering if anybody has ever worked through a scenario where you
could automatically firewall off an IP address that requested a
poisoned URL?
There is an attacker continuously scanning all of our
I'd think there'd be a way you could do this programatically with a filter.
Though you'd need some way to notify your firewall to block the offending IP,
and perhaps you don't have an actual firewall running.
Then again, you could have another filter that rejects requests from listed IPs
that
Many firewalls can only block 256 ip's at a time. It becomes an expensive
process for them to do packet inspection at that layer. You also need to
setup a system to figure out which ip's to block and then pass those to the
firewall. In my experience, this was a failable system because as soon as
Having run very very large porn sites for a number of years, I've seen
all sorts of automated 'attacks' like that. If you don't have anything
responding to those url's, then you don't have any problems. =)
Anyway, why bother? Just ignore it. I'm sure you have better things to
do with your time
Jon,
Right, so far that's been our tact. This one particular attack is a bit
annoying because it's inflating our logs.
I was just curious if this was a capability within Resin. We wouldn't
take the time to write a custom tag or anything like that to stop it.
Aaron
On 7/21/2010 10:27 AM,
Disk space is cheap and your logs auto rotate. Hopefully you use a
tool like 'grep' (aka: Splunk) to get the important bits (aka: stack
traces) out of your logs.
jon
On Wed, Jul 21, 2010 at 12:47 PM, Aaron Freeman
aaron.free...@layerz.com wrote:
Jon,
Right, so far that's been our tact. This