|
Bugtraq
mailing list archives
Re: def-2001-10: Websweeper Infinite HTTP Request DoS
From: Derek Kwan <dkwan () KWAN CA>
Date: Thu, 8 Mar 2001 15:03:51 -0500
Dumb question... How's a FW going to prevent people connect to the web
port and issue this kind of Infinite HTTP request?
Unless the FW also have some kind of realtime IDS build into it to block
traffic in realtime... Am I correct?
Derek
On Thu, 8 Mar 2001, [iso-8859-1] Peter Gr?ndl wrote:
======================================================================
Defcom Labs Advisory def-2001-10
Websweeper Infinite HTTP Request DoS
Author: Peter Gr?ndl <peter.grundl () defcom com>
Release Date: 2001-03-08
======================================================================
[snip...]
GET / HTTP/1.0
Host: www.foo.org
referrer: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.................
[snip...]
---------------------------=[Workaround]=-----------------------------
None known, the vendor suggest placing a firewall infront of the
websweeper application.
 By Date 
By Thread
Current thread:
| 
Intro
