Questions tagged [intrusion-prevention]

17 questions
8 votes, 2 answers

Blocking apache access via user agent string

I've got a scripter who is using a proxy to attack a website I'm serving. I've noticed that they tend to access the site via software with a certain common user agent string (i.e. http://www.itsecteam.com/en/projects/project1_page2.htm "Havij…
Kzqai
5 votes, 2 answers

Someone is abusing my server but how do I stop the abuse?

I am a beginner system admin on a bunch of virtualized web servers. Recently we got an e-mail that one of our servers is being used for 'brute force' attacks. The content of the e-mail was similar to the following. Greetings, /somehost/ abuse team…
Tony Stark
2 votes, 2 answers

Detecting/preventing malicious outlook rules

Attackers like to abuse Outlook for a variety of purposes. For example, an attacker could auto forward emails to a remote address or persist inside a network by creating client-side rules that execute a malicious program/script when a user receives…
tifkin
1 vote, 0 answers

FortiGate SSL Offloading & Intrusion Protection System

We're using a FortiGate 620B (v5.2.9) for offloading SSL traffic to our website. Now we would like to activate the Intrusion Protection System (the IPS). However in order for the IPS to work, SSL deep inspection needs to be activated, which…
knee-cola
1 vote, 0 answers

SonicWall NSA2400 after firmware upgrade to 5.9 - not able to log some intrusion prevention/detection statements

After upgrading the firmware to version 5.9 I'm not able to log intrusion prevention/detection for statements like PHP CGI Argument Injection, Remote Command Execution, Remote File Inclusion, WEB-ATTACKS, etc. I have enabled alerts for IPS and IDP with…
1 vote, 1 answer

Intrusion detection

I've got a security project regarding the intrusion detection and prevention. I've been googling about it but didn't land up on something substantial. I'm supposed to submit an abstract as of now, I'd like to know how an IDPS is implemented and what…
Anurag
1 vote, 1 answer

How does blocking specific ports with fail2ban compare against blocking all ports?

I am setting up fail2ban for my EC2 instances, each of which has different services running. Hence, I am configuring the jails specifically for each service. I have two questions (for which I could not find an answer elsewhere): If an IP gets…
Rohit Gavval
0 votes, 1 answer

Blocking "pokes" of our system

We get tons of these in our apache error log every day. [Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/phpmyadmin [Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist:…
0 votes, 1 answer

Tracking all network access to server made by particular IP

Is there any way that I can track any network access (on any port) made to my server by a particular IP? I'm on Ubuntu Server 16.04 LTS and am using uncomplicated firewall. Preferably, I'd be able to hook whatever the solution is into a script to…
0 votes, 1 answer

What is a simple way to ensure that HTTP requests with a specific header come only from a specific IP?

My web application runs on CentOS 6. I want to protect my application. I want to ensure that HTTP requests with a specific header come only from a specific IP. (The header includes a user name and I want to prevent HTTP header…
Michael
0 votes, 1 answer

How to detect my server is used as a port scanner?

My Web Server is running Ubuntu 12.04.2 LTS with all security updates installed. It is used as a Web Proxy server that handles incoming requests on HTTP/80 HTTPS/443 but also retrieves web content from other servers using HTTP/HTTPS connections. The…
0 votes, 1 answer

Have I Just Been Hacked? (Intrusion Alert, Known Hacker's Email is Marked as Recipient for an Email in Thunderbird)

I'm a product creator, and in attempt to track and stem my losses from piracy, I occasionally visit a bulletin board dedicated to piracy and piracy-for-profit; my products are regularly pirated and sold there. When visiting, I often get intrusion…
0 votes, 1 answer

How Does Cisco IPS Work?

How does it work? Does it typically have predefined patterns of trusted or malicious activity? Is it actually a category of firewall techniques? I am more curious about Cisco than I am about other products.
700 Software
0 votes, 0 answers

How to detect malicious programs on VPS or find remote connections to it

Several months ago, my VPS got hacked and used to attack other servers automatically. Knowing nothing about what to do, I just rebooted the server and changed the passwords. However, I continue to receive alerts saying that my VPS is used to attack…
-1 votes, 2 answers

How to count the number of SYN, ACK, or SYN-ACK in a second?

I want to make a DDoS SYN flood detection, so I need to count the number of SYN, ACK, or SYN-ACK packets per second.