ricardo dominguez on Thu, 11 Apr 2002 07:46:23 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> WEF attack and homework


Any helpful hints for this poor "intrursion and dection" student?

r

----- Original Message ----- 
From: "Julien Delfosse" <delfosse@student.fsa.ucl.ac.be>
To: <rdom@thing.net>
Sent: Wednesday, April 10, 2002 10:21 AM
Subject: WEF attack


> Hi,
> 
> I'm currently following a course about intrusion
> detection and security with Marc Dacier.
> 
> I had to study your attack against WEF, which is
> quite easy to understand, but the second part
> seems more difficult to me : I have to detect this
> attack (possibly before it's too late) and block
> it if possible.  We're supposed to use snort as
> firewall, but imho it's impossible to detect the
> attack without a statefull firewall (all HTTP
> requests are valid, without stats about traffic
> it's imposiible to do anything)
> 
> Do you have an idea of what I could do with snort
> ?
> 
> Thanks in advance.
> 
> Julien Delfosse

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net