Saturday, January 15, 2005

Beat Hackers At Their Own Game With A Hackerbasher Site

Learn a strategy that will divert port 80 attacks away from unsecured public Web sites into a dead end where they can't do damage.

  • Prevent automated attacks from reaching legitimate Web domains
  • Automatically divert attacks into a dead end
  • Get a single log that shows all attack traffic
    • Are you under a barrage of attacks? Hackers and crackers with automated IP port scanners can swamp a Web site with bogus requests and failed logons. The sheer volume of this traffic can reduce response times and overload service request logs. Failed logon attempts (sometimes several hundred in a minute) can obliterate legitimate security reporting in the event viewer. Even if the hacker never gains access to anything, your Web site suffers. I use several procedures to minimize the attack surface. But even after hardening the server and putting it behind a firewall, it is still vulnerable to attacks on port 80.

      Figure 4 Failed Logons from an Automated Attack

      Many of these attackers appear to be crackers, thrill-seekers who simply want to break into something. Crackers usually sniff around for the obvious stuff such as unsecured databases and leftover developer sample files. Obviously, some attackers are on a mission to get in and do damage.

      In this article, an easily implemented strategy is presented that uses HTTP 1.1 host headers to divert port 80 attacks away from unsecured public Web sites into a dead end where they can't do damage. The site, called Hackerbasher, stops the automated attack and records the details about the attack along with the IP address used by the attacker. Hackerbasher doesn't require any special software and its only cost is the time it takes to set it up on your server. You also get the added benefit of being able to monitor port 80 attacks in a single log file.
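
The host-header diversion described above, sketched as an added example (not code from the article or from Hackerbasher itself). It assumes the legitimate sites answer only to their own host names and that scanners working from IP addresses send the address, or nothing, as the Host header; the host names, the `hackerbasher` label and the sample requests are constructed.

```python
from collections import Counter

# Assumption: host names the legitimate sites are bound to (constructed values).
KNOWN_HOSTS = {"www.example.com", "shop.example.com"}
DEAD_END = "hackerbasher"  # catch-all site that serves nothing and logs everything


def normalize_host(raw):
    """Return the lowercased host name from a Host header, or None if absent."""
    if not raw or not raw.strip():
        return None  # HTTP/1.0 client or scanner that sent no Host header
    host = raw.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [2001:db8::1]:80
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0].rstrip(".")  # drop port and trailing dot


def route(host_header):
    """Name the site that answers: a known host name, else the dead end."""
    host = normalize_host(host_header)
    return host if host in KNOWN_HOSTS else DEAD_END


def dead_end_log(requests):
    """Keep only diverted requests: the single log of attack traffic."""
    return [r for r in requests if route(r["host"]) == DEAD_END]


def top_sources(requests):
    """Count diverted requests per client IP, most active first."""
    return Counter(r["ip"] for r in dead_end_log(requests)).most_common()


# Constructed sample requests (documentation address ranges, not real traffic).
SAMPLE = [
    {"ip": "198.51.100.7", "host": "www.example.com", "path": "/"},
    {"ip": "203.0.113.9", "host": "192.0.2.10", "path": "/"},
    {"ip": "203.0.113.9", "host": None, "path": "/samples/"},
    {"ip": "203.0.113.9", "host": "192.0.2.10:80", "path": "/login"},
    {"ip": "198.51.100.44", "host": "WWW.Example.COM:80", "path": "/index.html"},
    {"ip": "192.0.2.200", "host": "", "path": "/"},
]

if __name__ == "__main__":
    for ip, hits in top_sources(SAMPLE):
        print(f"{ip}\t{hits} diverted requests")
```

Requests that name a known host reach that site regardless of case or an explicit port; everything else, including a missing or empty Host header, lands in the one dead-end log.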


      So how do we track down these people? One way is to use a honeypot: an information system resource intended to receive unauthorized or illicit use. The Honeynet Project was set up so that the good guys can watch and analyze what hackers do. The Honeynet Project reports that the average life expectancy of a honeypot on the Internet is 72 hours. The shortest known manual compromise time was 15 minutes, but a worm got the job done in 15 seconds.
