Firewall Wizards mailing list archives

Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp)

From: Alexander Schreiber <Alexander.Schreiber () informatik tu-chemnitz de>
Date: Tue, 18 May 1999 13:54:21 +0200 (MET DST)

Hi !

On Sun, 16 May 1999, Roger Marquis wrote:

Has anyone attempted to browse:

      http://microsoft.com/NTServer/all/Downloads.asp 

using Netscape Navigator and noticed what seems to be an HTML denial
of service?  I've tested this page with Javascript on and off, Java on
and off, cookies on and off, under FreeBSD, Linux and Solaris and the
behavior is consistent:

      * Navigator freezes for several seconds
      * CPU utilization climbs briefly to near 100%
      * memory usage climbs by 11MB 
      * the 11MB or memory are not released even after leaving
        the page and clearing disk and RAM caches.

The page <HEAD> shows two possible sources for this extremely unusual
browser behavior:

      <HTML><HEAD>

      <META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1
      "http://www.rsac.org/ratingsv01.html"; l comment "RSACi North America
      Server" by "inet () microsoft com" r (n 0 s 0 v 0 l 0))'> <META
      NAME="MS.LOCALE" CONTENT="EN-US"> <LINK REL="stylesheet"
      TYPE="text/css" HREF="/NTServer/global/Netscape.css"> <SCRIPT
      SRC="/ntserver/inc/jscripts.js" LANGUAGE="javascript">

      </SCRIPT></HEAD>

Is there a tool (other than tcpdump) which can examine this
"Netscape.css" script?


I fetched it with wget. It is a stylesheet with quite a lot of definitions -
it's 904 lines and 15 KB in size and it has over 120 definitions in it ... 

Because of it's size I'm not posting it here.

Maybe it's an attempt to overload the CSS-handling code of Netscape and 
''prove''[1] that Netscape is inferior to their own Internet Exploiter ?



[1] for appropriate values of ''prove''


Regards,
       Alex.
-- 
------------------------------------------------------------------------------ 
 EMail : als () informatik tu-chemnitz de | WWW : http://www.tu-chemnitz.de/~als
 If privacy is outlawed, only outlaws will have | Ceterum censeo Parva Mollia
 privacy. (Philip Zimmerman, author of PGP)     | esse delendam.

Current thread:

HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) Roger Marquis (May 17)
- Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) Alexander Schreiber (May 18)
- Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) Thomas (May 18)
- Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) John Mitchell (May 18)
  - Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) Wilson Roberto Afonso (May 19)
  - Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) John Lines (May 19)