wireshark culprits can bypass your filter this by changing ips
 
much better to:
1)encrypt your data BEFORE you put it on the wire
http://www.mobilefish.com/developer/bouncycastle/bouncycastle.html
2)Implement SSL on Tomcat
http://mircwiki.rsna.org/index.php?title=Configuring_Tomcat_to_Support_SSL

Martin Gainty 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.



 

> Date: Mon, 8 Nov 2010 01:09:12 -0800
> From: [email protected]
> Subject: Re: Malicious host is crashing my server
> To: [email protected]
> 
> DumpFilter is a good idea. For the time being we have decided to just block 
> the 
> ip address. If it comes again from a different IP, I guess we will need to 
> further examine!
> 
> Thanks for all the good ideas
> 
> Assaf
> 
> 
> ----- Original Message ----
> From: David Fisher <[email protected]>
> To: Tomcat Users List <[email protected]>
> Cc: Tomcat Users List <[email protected]>
> Sent: Mon, November 8, 2010 12:00:49 AM
> Subject: Re: Malicious host is crashing my server
> 
> You could modify the RequestDumpFilter to only dump the request for that ip 
> address.
> 
> Regards,
> Dave
> 
> Sent from my iPhone
> 
> On Nov 7, 2010, at 12:28 PM, Assaf <[email protected]> wrote:
> 
> > A filter to block is good. But then I would not be able to see him doing it 
> > again and then find out the issue.
> > 
> > Assaf
> > 
> > 
> > ----- Original Message ----
> > From: "Caldarale, Charles R" <[email protected]>
> > To: Tomcat Users List <[email protected]>
> > Sent: Sun, November 7, 2010 6:48:20 PM
> > Subject: RE: Malicious host is crashing my server
> > 
> >> From: Assaf [mailto:[email protected]] 
> >> Subject: Malicious host is crashing my server
> > 
> >> what can I do to better protect?
> > 
> > As a temporary preventive measure, you can disable access from this 
> > particular 
> 
> > IP address by configuring the RemoteAddrValve in server.xml:
> > 
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
> > deny="79\.177\.23\.102"/>
> > 
> > That should give you some time to work out the real fix.
> > 
> > - Chuck
> > 
> > 
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
> > MATERIAL and is thus for use only by the intended recipient. If you 
> > received 
> > this in error, please contact the sender and delete the e-mail and its 
> > attachments from all computers.
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> > 
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
                                          

Reply via email to