nanog mailing list archives
Re: What HTTP exploit?
From: "Laurence F. Sheldon, Jr." <LarrySheldon () cox net>
Date: Mon, 31 May 2004 10:34:23 -0500
Vinny Abello wrote:
At 11:07 AM 5/31/2004, Mike Nice wrote:>It seems to be another stupid Microsoft Exploit that just >causes annoyance for Unix Boxes. >The only side effect is they fill my dmesg logs with >signal 11's from apache crashing. Am I the only one that sees the irony that Apache seg faults from an attack aimed at Msoft?!I mentioned that too to the original poster, but they didn't seem that concerned since Apache respawns itself. I thought if it can be crashed by cramming too much info into a buffer before it's truncated, that's considered a buffer overflow. I'm no programmer and may be off base here but it just struck me as odd also. You're not alone Mike. :)
I'm not sure what the background message is here--and I certainly don't know the issues involved in handling the attack gracefully are, but it does seem clear to me that crash-and-respawn is a better idea than multiply-the-attacker-and-the-damage-diameter is. -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Current thread:
- What HTTP exploit? John Palmer (NANOG Acct) (May 30)
- RE: What HTTP exploit? Todd Mitchell - lists (May 30)
- Re: What HTTP exploit? Matthew McGehrin (May 30)
- Re: What HTTP exploit? Richard Welty (May 30)
- Re: What HTTP exploit? Suresh Ramasubramanian (May 30)
- <Possible follow-ups>
- Re: What HTTP exploit? Mike Nice (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)
- Re: What HTTP exploit? Laurence F. Sheldon, Jr. (May 31)
- Re: What HTTP exploit? Paul G (May 31)
- Re: What HTTP exploit? Bob Martin (May 31)
- Re: What HTTP exploit? Jason Dixon (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)