Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Regarding RSnake FD
From: Jah wont_pay_the_bills <stopthesesdude () gmail com>
Date: Thu, 18 Jun 2009 07:03:07 -0400

I'm out of doobies, and i get nervous when i read lines like this :

"=head1 AFFECTS
Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, Squid, others...?
=head1 NOT AFFECTED
IIS6.0, IIS7.0, lighthttpd, others...?"











2009/6/18 sl () cker <sl () ckers org>

Chill, the Apache folks said it was OK...maybe you should have read the
whole post.

security () apache org:
"DoS attacks by tying up TCP connections are expected. Please see:

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

Regards, Joe"

The Apache guys clearly stated that this was expected behavior, we
simply made another test case for the "expected", why the outrage?

Additionally there are ways to defend against this already, which also
cover other DoS attacks, not to mention most enterprises with load
balancers aren't affected anyway (F5 and Netscaler tested).

-id
ha.ckers.org

 >Hey,
 >
 >Regarding this script-kiddie perfect tool
 >http://milw0rm.com/exploits/8976and this article :
 >http://ha.ckers.org/blog/20090617/slowloris-http-dos/
 >
 >Are you fucking NUTS ?
 >
 >What's your point ? you wanna get famous ?, need attention or
something ? or
 >it's a commercial issue ?
 >
 >What gives you the right to give that knowledge to any unknowledged kids
 >arounds ?
 >
 >You feel hot or wanna feel hot or something ?
 >
 >Dude, your a fucking prick.
 >
 >Now lot's of enterprises are in deep shit, feeling happy with it ?
 >Feeling the blackhat adrenaline groing in you ?
 >You're a kid that doesnt understand an oz of your disclosure.
 >
 >You're an asshole who doesnt even understand what means work in the
security
 >industry.
 >I guess you're like Aelphaeis Mangarae, who like to talk about, why we
 >should say fuck u to FD while posting NOOBS paper about PHP security
issue
 >on MILW0RM
 >GET A FUCKING BRAIN ASSHOLE, you're a real prick.
~

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]