Re: Sample DOS against the Sambar HTTP-Server

[sreid () SEA-TO-SKY NET (Steve)]

On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote:
> #!/usr/bin/perl
>
> #########
> # Sample DOS against the Sambar HTTP-Server
[snip]
> print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";

Using that many 9s on my version of Perl fails silently. The above
seems equivalent to: print $remote "GET  HTTP/1.0\n\n";

steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999;'
steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;'
Died at -e line 1.
steve@grok:/home/steve% perl -v

This is perl, version 5.005_03 built for i386-freebsd
[etc.]

I don't have a Sambar HTTP server to test against but it seems clear
that the code won't work the way the author expected. Perl doesn't
even try to build a string that long. If it did it would run out of
memory and then fail.

I conclude that the script as posted will not DoS the server even if
it is vulnerable, unless a simple "GET  HTTP/1.0" triggers the DoS.

I suggest that until the nature of the DoS is clarified anyone using
the script to test their own server should try it as-is, then try it
with fewer 9s (probably 9999 or 99999, maybe more if it's a resource
exhaustion DoS).