Full Disclosure mailing list archives

Re: lots of connections to port 80
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 18 Apr 2008 11:22:43 -0400


On Fri, 18 Apr 2008 11:11:53 -0400 news () dmcdonald net wrote:
> Eh? The closest thing I can think of to what you're saying is if the cause
> of a DDOS was stored XSS on a popular site(s) being used to get users'
> browsers to request information from The XSS would be done
> elsewhere, and the DDOS attack itself would contain no 'payload'.

That is exactly what I am saying, thank you for clarifying for the 
others. Sometimes I am not as articulate as I would like to be.

> In which case filtering user input on his side isn't going to

Actually, it is going to anything, if done properly.

> Plus, you still have no reason for calling this a textbook case of XSS, or
> anything else for that matter. Without seeing the tcpdump, all we can do
> is reel off a list of things it might be.

Your logic is not correct here. Please rethink this statement.






Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
