ricardo dominguez on Wed, 10 Apr 2002 16:49:01 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] WEF attack and homework

Any helpful hints for this poor "intrursion and dection" student?


----- Original Message ----- 
From: "Julien Delfosse" <delfosse@student.fsa.ucl.ac.be>
To: <rdom@thing.net>
Sent: Wednesday, April 10, 2002 10:21 AM
Subject: WEF attack

> Hi,
> I'm currently following a course about intrusion
> detection and security with Marc Dacier.
> I had to study your attack against WEF, which is
> quite easy to understand, but the second part
> seems more difficult to me : I have to detect this
> attack (possibly before it's too late) and block
> it if possible.  We're supposed to use snort as
> firewall, but imho it's impossible to detect the
> attack without a statefull firewall (all HTTP
> requests are valid, without stats about traffic
> it's imposiible to do anything)
> Do you have an idea of what I could do with snort
> ?
> Thanks in advance.
> Julien Delfosse

Nettime-bold mailing list