I'm contemplating writing a web-server based intrusion detection system.
I'll call it WebIntrude, open source, and support contracts may or may not
be sold. I was thinking that I could write a mod_perl handler to
intercept incoming requests, parse, and compare against a db of known
vulnerability issues. If a request comes in that tries to check for the
existence of, or tries to exploit an issue, the handler will notify an
administrator. The rest of the system may or may not be mod_perl based,
you can check out the rest if you are interested at
http://www.knoxlug.org/webintrude/webintrude.html
My question is this:
Is this worth considering? Will it, in concept, place too much load on a
web server? Is it reasonably feasible? Can mod_perl be written sleek
enough not to place a significant load on the server during the
parse/check/notify steps of the handler?
Any comments, tips, or suggestions are welcomed.
I'm not advertising, I'm just wondering if mod_perl will be better, or if
once I get it working in mod_perl, I should consider porting to C.
If this isn't appropriate, I apologize.
J. Horner
jhorner@knoxlug.org http://jjhorner.penguinpowered.com/
12:35pm up 10 days, 16:48, 3 users, load average: 0.00, 0.00, 0.00
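
A sketch of the parse/check/notify step described in the post, added here as an example and not code from WebIntrude or its author. It is plain Perl with a constructed signature list, constructed sample requests, and hypothetical names (`normalize`, `check_request`, the `SIG-00x` ids); patterns are precompiled so that under a persistent interpreter such as mod_perl only the match itself runs per request.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed signature set (illustrative, not a real vulnerability database).
# Patterns are compiled once at load time with qr//, so a persistent
# interpreter pays only for the matching on each request.
my @SIGNATURES = (
    { id => 'SIG-001', desc => 'directory traversal sequence', re => qr{\.\./} },
    { id => 'SIG-002', desc => 'probe for phf CGI script',     re => qr{/cgi-bin/phf\b}i },
    { id => 'SIG-003', desc => 'request for /etc/passwd',      re => qr{/etc/passwd} },
);

# Decode %XX escapes so an encoded probe matches the same signature as a
# plain one. Decoding repeats (bounded at 3 passes) to cope with double encoding.
sub normalize {
    my ($raw) = @_;
    my $s = $raw;
    for my $pass (1 .. 3) {
        (my $decoded = $s) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        last if $decoded eq $s;
        $s = $decoded;
    }
    $s =~ tr{\\}{/};    # treat backslashes as path separators
    return $s;
}

# Return the signatures matched by one request (URI plus query string).
sub check_request {
    my ($uri, $args) = @_;
    my $target = normalize(defined $args && length $args ? "$uri?$args" : $uri);
    return grep { $target =~ $_->{re} } @SIGNATURES;
}

# Constructed sample requests: [client address, URI, query string].
my @requests = (
    [ '192.0.2.10', '/index.html', 'lang=en' ],
    [ '192.0.2.44', '/cgi-bin/phf', '' ],
    [ '192.0.2.44', '/docs/%2e%2e/%2e%2e/etc/passwd', '' ],
    [ '192.0.2.51', '/docs/%252e%252e%252fsecret', '' ],
);

for my $req (@requests) {
    my ($ip, $uri, $args) = @$req;
    for my $hit (check_request($uri, $args)) {
        # A real handler would queue a notification here instead of printing.
        print "ALERT $hit->{id} ($hit->{desc}) from $ip: $uri\n";
    }
}
```

Matching against the decoded form matters as much as speed: without `normalize`, the third and fourth sample requests would pass the traversal signature unnoticed.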