wireshark culprits can bypass your filter this by changing ips much better to: 1)encrypt your data BEFORE you put it on the wire http://www.mobilefish.com/developer/bouncycastle/bouncycastle.html 2)Implement SSL on Tomcat http://mircwiki.rsna.org/index.php?title=Configuring_Tomcat_to_Support_SSL
Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Mon, 8 Nov 2010 01:09:12 -0800 > From: [email protected] > Subject: Re: Malicious host is crashing my server > To: [email protected] > > DumpFilter is a good idea. For the time being we have decided to just block > the > ip address. If it comes again from a different IP, I guess we will need to > further examine! > > Thanks for all the good ideas > > Assaf > > > ----- Original Message ---- > From: David Fisher <[email protected]> > To: Tomcat Users List <[email protected]> > Cc: Tomcat Users List <[email protected]> > Sent: Mon, November 8, 2010 12:00:49 AM > Subject: Re: Malicious host is crashing my server > > You could modify the RequestDumpFilter to only dump the request for that ip > address. > > Regards, > Dave > > Sent from my iPhone > > On Nov 7, 2010, at 12:28 PM, Assaf <[email protected]> wrote: > > > A filter to block is good. But then I would not be able to see him doing it > > again and then find out the issue. > > > > Assaf > > > > > > ----- Original Message ---- > > From: "Caldarale, Charles R" <[email protected]> > > To: Tomcat Users List <[email protected]> > > Sent: Sun, November 7, 2010 6:48:20 PM > > Subject: RE: Malicious host is crashing my server > > > >> From: Assaf [mailto:[email protected]] > >> Subject: Malicious host is crashing my server > > > >> what can I do to better protect? > > > > As a temporary preventive measure, you can disable access from this > > particular > > > IP address by configuring the RemoteAddrValve in server.xml: > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > deny="79\.177\.23\.102"/> > > > > That should give you some time to work out the real fix. > > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received > > this in error, please contact the sender and delete the e-mail and its > > attachments from all computers. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
