Bugtraq mailing list archives
Re: def-2001-10: Websweeper Infinite HTTP Request DoS
From: Derek Kwan <dkwan () KWAN CA>
Date: Thu, 8 Mar 2001 15:03:51 -0500
Dumb question... How's a FW going to prevent people connect to the web port and issue this kind of Infinite HTTP request? Unless the FW also have some kind of realtime IDS build into it to block traffic in realtime... Am I correct? Derek On Thu, 8 Mar 2001, [iso-8859-1] Peter Gr?ndl wrote:
====================================================================== Defcom Labs Advisory def-2001-10 Websweeper Infinite HTTP Request DoS Author: Peter Gr?ndl <peter.grundl () defcom com> Release Date: 2001-03-08 ======================================================================
[snip...]
GET / HTTP/1.0 Host: www.foo.org referrer: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.................
[snip...]
---------------------------=[Workaround]=----------------------------- None known, the vendor suggest placing a firewall infront of the websweeper application.
Current thread:
- def-2001-10: Websweeper Infinite HTTP Request DoS Peter Gründl (Mar 08)
- Re: def-2001-10: Websweeper Infinite HTTP Request DoS Derek Kwan (Mar 11)
- Re: def-2001-10: Websweeper Infinite HTTP Request DoS van der Kooij, Hugo (Mar 12)
- Re: def-2001-10: Websweeper Infinite HTTP Request DoS Derek Kwan (Mar 11)