From: Florian Duerr (florian.duerrdimensionx.ch)
Date: Mon May 14 2001 - 11:32:26 CDT


    hi there

    you can use a normal tool like webtrends or webalyzer or webaccountor (the
    last i programmed myself ;> ) and have a closer look at the following
    things:

    - is there a page on your web much more often "visited" than the others? ->
    Brute Force / Dictionary-Attack
    - is there one day with many more visitors than the other days? -> Spoofed-IP
    used during the Attack (Shit!)
    - Are there Logon-Pages in your Web (CGI, ASP)? -> Pass Guess-Attack

    it's very simple and costs you no time. i do this by myself this way. i
    don't know how big your web is, but mine generates about 4000 lines per day
    in the log... lots of fun analysing *this* manually ;)

    I'm quite sure that there are specialised tools and i'd be interested to
    hear of one on this mailing-list :)

    bye

    Florian Dürr
    MCP / Systems Engineer
    Webmaster www.DimensionX.ch

    ------Original Message-----
    >From: "Dimitri Limanovski" <dimitriSALLIEMAESOLUTIONS.COM>
    >To: "FOCUS-MSSECURITYFOCUS.COM" <FOCUS-MSSECURITYFOCUS.COM>
    >Cc:
    >Bcc:
    >Subject: Log checker
    >Type: IPM.Note
    >Date: Friday, 11 May 2001 18:21
    >
    >Is there a tool that will examine WWW/FTP log files for possible attacks? I
    >do it by hand on a daily basis but would like to know if there's an
    >automated solution to do this.
    >Thanks!
    >Thanks!
    >
    >Dimitri
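
The three checks suggested in the reply above, automated as an added example that is not part of the original thread. It assumes a W3C extended log with a `#Fields:` header, median-based thresholds, and the `.asp`/`.cgi` suffix as a stand-in for "logon pages"; the function names and all sample log lines are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def sample_log():
    """Constructed W3C-extended-style log; all addresses and paths are made up."""
    rows = ["#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    pages = ("/index.html", "/about.html", "/news.html", "/contact.html", "/products.html")
    for day in ("2001-05-09", "2001-05-10", "2001-05-11"):      # ordinary traffic
        for n, page in enumerate(pages):
            rows.append(f"{day} 10:00:0{n} 192.0.2.{n + 1} GET {page} 200")
    for n in range(12):                                          # one client, one logon page
        rows.append(f"2001-05-10 11:00:{n:02d} 198.51.100.7 POST /admin/logon.asp 401")
    for n in range(20):                                          # many new sources in one day
        rows.append(f"2001-05-11 12:00:{n:02d} 203.0.113.{n + 1} GET /index.html 200")
    return "\n".join(rows)

def parse(text):
    """Yield one dict per request, using the column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):   # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def analyse(text, page_ratio=3.0, day_ratio=3.0, script_ext=(".asp", ".cgi"), script_min=10):
    """Flag unusually popular pages, unusually busy days, and clients hammering scripts."""
    hits, visitors, script_hits = Counter(), defaultdict(set), Counter()
    for r in parse(text):
        uri = r["cs-uri-stem"].lower()
        hits[uri] += 1
        visitors[r["date"]].add(r["c-ip"])
        if uri.endswith(script_ext):                   # assumed marker for logon pages
            script_hits[(r["c-ip"], uri)] += 1
    per_day = {d: len(ips) for d, ips in visitors.items()}
    page_med = median(hits.values()) if hits else 0
    day_med = median(per_day.values()) if per_day else 0
    return {
        "hot_pages": sorted(u for u, n in hits.items() if n > page_ratio * page_med),
        "busy_days": sorted(d for d, n in per_day.items() if n > day_ratio * day_med),
        "script_hammering": sorted(k for k, n in script_hits.items() if n >= script_min),
    }

if __name__ == "__main__":
    for name, found in analyse(sample_log()).items():
        print(name, found)
```

On the constructed sample the home page is flagged alongside the logon page, which shows why a "hot page" hit still needs a look at who requested it before it is treated as guessing.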