[JaxPM] wget, etc...
Nate Campi
nate at campi.cc
Fri Aug 3 12:42:15 CDT 2001
On the jacksonville-pm-list; Jax.PM'er Nate Campi <nate at campi.cc> wrote -
On Fri, Aug 03, 2001 at 08:33:29AM -0400, JONES, WILLIAM C wrote:
> On the jacksonville-pm-list; Jax.PM'er "JONES, WILLIAM C" <wcjones at exchange.fccj.org> wrote -
>
> Hmmm...
>
> A 'Web Suck' is easily detected and blocked... But I would have to
> 'upgrade' to a heavier algorythm like yhe following (this set just sends
> notifications - but you get the idea) --
>
<snip>
>
> It would be trivial to detect nate trying to scam on all the cool parts of a
> web site and BLOCK him -- the side effect would be he could get around it by
> going very SLOWLY -- which sort of defeats the purpose...
No, the purpose is to get the content for storage elsewhere, not to get
it quickly.
This is much like how if I wanted to compromise your systems, I would
want to do a little port scanning. I would never do fast portscans over
many ports, I'd scan only a couple important ports from different hosts
from at/cron jobs at random times from random hosts.
A NIDS setup could almost never spot this when done right, and only a
very paranoid person could figure out much from logs if this is done
well.
This sort of approach does start to breakdown in the context we're
discussing it, needing thousands of files from a web server. Doing it
slowly would really suck ;)
--
Nate
Jax.PM Moderator's Note:
This message was posted to the Jacksonville Perl Monger's Group listserv.
The group manager can be reached at -- owner-jacksonville-pm-list at pm.org
to whom send all praises, complaints, or comments...
More information about the Jacksonville-pm
mailing list