What HTTP exploit?

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vinny Abello wrote:

> At 11:07 AM 5/31/2004, Mike Nice wrote:
> 
>> >It seems to be another stupid Microsoft Exploit that just
>> >causes annoyance for Unix Boxes.
>> >The only side effect is they fill my dmesg logs with
>> >signal 11's from apache crashing.
>>
>>    Am I the only one that sees the irony that Apache seg faults from an
>> attack aimed at Msoft?!
> 
> I mentioned that too to the original poster, but they didn't seem that 
> concerned since Apache respawns itself. I thought if it can be crashed 
> by cramming too much info into a buffer before it's truncated, that's 
> considered a buffer overflow. I'm no programmer and may be off base here 
> but it just struck me as odd also. You're not alone Mike. :)

I'm not sure what the background message is here--and I certainly don't
know the issues involved in handling the attack gracefully are, but it
does seem clear to me that crash-and-respawn is a better idea than
multiply-the-attacker-and-the-damage-diameter is.

-- 
Requiescas in pace o email

Ex turpi causa non oritur actio

http://members.cox.net/larrysheldon/

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]