2011/6/29 coderman coder...@gmail.com:
2011/6/26 김무성 ki...@infosec.co.kr:
...
I'm looking for materials or information, research about how to detect
DDoS attacks through HTTP response analysis (throughput).
you're asking the wrong question.
instead of asking How can I automagically detect
: Wednesday, June 29, 2011 12:30 PM
To: 김무성
Cc: full-disclosure@lists.grok.org.uk; pen-t...@securityfocus.com
Subject: Re: [Full-disclosure] how to detect DDoS attack through HTTP
response analysis(throuput)
2011/6/26 김무성 ki...@infosec.co.kr:
...
I'm looking for materials or information, research about
2011/6/29 김무성 ki...@infosec.co.kr:
You don't understand my question.
I'm studying and researching about solution of DDoS detection through
analysis of HTTP responses...
i implied that this is less than useful on actual systems than in theory / lab.
if you want to gather useful details you
Hi,
it's kinda <s>stupid</s> incorrect way of detecting ddos by reading http
response.
if server says error 408, it could be just a script which takes long to
complete. if there is some caching server, e.g. nginx, before actual web
server, e.g. apache httpd, then error 502 could be a
Hello folks,
ModSecurity has a better result than mod_qos against the slowloris attack;
mod_qos tends to increase the false positives because of NAT and slow
users.
If you test R-U-D-Y, you will see that ModSecurity protects against
it too.
See:
2011/6/26 김무성 ki...@infosec.co.kr:
...
I'm looking for materials or information, research about how to detect
DDoS attacks through HTTP response analysis (throughput).
you're asking the wrong question.
instead of asking How can I automagically detect exploitation of my
shitty app via HTTP
Hello list,
I'm looking for materials or information, research about how to detect
DDoS attacks through HTTP response analysis (throughput).
for example,
if there are many 408 request timeout responses, we can think this is
slowloris or RUDY DDoS attack.
On Jun 27, 2011, at 9:30 AM, 김무성 wrote:
if there are many 408 request timeout responses, we can think this is
slowloris or RUDY DDoS attack.
Many things can cause this - not just DDoS. In fact, I've rarely seen a DDoS
resulting in these responses, because in an effective DDoS, one often
Hi,
it's kinda <s>stupid</s> incorrect way of detecting ddos by reading http
response.
if server says error 408, it could be just a script which takes long to
complete. if there is some caching server, e.g. nginx, before actual web
server, e.g. apache httpd, then error 502 could be a result