mod_evasive - testing remotely
I have 3 questions here.
1. I have installed mod_evasive version 1.10.1 on a CentOS 4.4 server.
I'm using the test.pl script that comes with mod_evasive to test the
configuration. When running the script from the same server
mod_evasive is installed on, mod_evasive is able to detect the
intrusion and block the IP of the server.
If I use the same test.pl script from an external server, the requests
come in and are viewable in the access log, but mod_evasive doesn't block
the IP of the external server. It is probably not blocking the IP of the
external server because of latency.
Is there a way to modify the test.pl script to make it more aggressive and get results when testing from an external server?
Here I'm pasting the code of the test.pl script:
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;
# Send 101 sequential requests, one new TCP connection per request
for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
                                      PeerAddr=> "test.domain.tld:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  # Read and print only the status line of the response
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}
2. Also, I have sendmail installed, and in the mod_evasive config
I have an email address specified in DOSEmailNotify. When testing from the
internal server with the test.pl script, the server is able to block the
IP and put it in the hash table, but it never sends an email to my email
address.
3. Do I have to use mod_evasive with modsecurity? Or can I use modsecurity by itself?
Any inputs?