nanog mailing list archives

Re: What HTTP exploit?

From: "Laurence F. Sheldon, Jr." <LarrySheldon () cox net>
Date: Mon, 31 May 2004 10:34:23 -0500


Vinny Abello wrote:

At 11:07 AM 5/31/2004, Mike Nice wrote:
>It seems to be another stupid Microsoft Exploit that just
>causes annoyance for Unix Boxes.
>The only side effect is they fill my dmesg logs with
>signal 11's from apache crashing.

   Am I the only one that sees the irony that Apache seg faults from an
attack aimed at Msoft?!
I mentioned that too to the original poster, but they didn't seem thatconcerned since Apache respawns itself. I thought if it can be crashedby cramming too much info into a buffer before it's truncated, that'sconsidered a buffer overflow. I'm no programmer and may be off base herebut it just struck me as odd also. You're not alone Mike. :)


I'm not sure what the background message is here--and I certainly don't
know the issues involved in handling the attack gracefully are, but it
does seem clear to me that crash-and-respawn is a better idea than
multiply-the-attacker-and-the-damage-diameter is.

--
Requiescas in pace o email

Ex turpi causa non oritur actio

http://members.cox.net/larrysheldon/

Current thread:

What HTTP exploit? John Palmer (NANOG Acct) (May 30)
- RE: What HTTP exploit? Todd Mitchell - lists (May 30)
- Re: What HTTP exploit? Matthew McGehrin (May 30)
- Re: What HTTP exploit? Richard Welty (May 30)
  - Re: What HTTP exploit? Suresh Ramasubramanian (May 30)
- <Possible follow-ups>
- Re: What HTTP exploit? Mike Nice (May 31)
  - Re: What HTTP exploit? Vinny Abello (May 31)
    - Re: What HTTP exploit? Laurence F. Sheldon, Jr. (May 31)
    - Re: What HTTP exploit? Paul G (May 31)
  - Re: What HTTP exploit? Bob Martin (May 31)
    - Re: What HTTP exploit? Jason Dixon (May 31)