[linux] apache access log messages
Shannon Prickett
shannonp at u.washington.edu
Mon Apr 26 11:44:56 PDT 2004
On Mon, Apr 26, 2004 at 10:45:53AM -0700, K. David Prince wrote:
> Well, there's a problem: This particular address doesn't resolve to
> anything. And, there are new ones coming in every day. What I'm thinking
> is to put a rule on the firewall that basically says: "If this address
> doesn't resolve into something 'real', then block it." Anyone doing this
> kind of thing?
I have known people to, in the past, use hogwash with good effect to
drop incoming traffic that matched undesirable signatures so that
packets that contained the troublesome requests got dropped on the
floor.
It requires you to use snort-ish firewalling. Here's the URL for the
sourceforge project: http://sourceforge.net/projects/hogwash
Looking at http://hogwash.sourceforge.net/ indicates the project is
languishing, though, so it may not be as useful as it once was.
--Shannon
More information about the Linux
mailing list