httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Re: URL - 33000 Characters Length
Date Tue, 30 Mar 2004 08:26:56 GMT
> -----Original Message-----
> From: Björn Friebel [mailto:dragon5@uni.de]
> Sent: Monday, 29 March 2004 18:07
> 
> it does not affect unix systems ;)
> it's an attack against IIS but I do not understand why this
> kiddy tries it against an apache

Because hackers don't bother to check what server is running - they just
attack all machines listening on port 80.

<soapbox>
This is one reason why hiding the server signature is a waste of time...
</soapbox>

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> *smile* 
> take a look here: 
> http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf
> 
> greetz 
> Björn 
> 
> 
> "Jack L. Stone" <jackstone@sage-one.net> wrote in
> message news:3.0.5.32.20040329092431.01f29380@10.0.0.10...
> > Dear list:
> > The other day, I asked for help on this issue which I believed was
> > on-topic for this list. Since I did not get an answer, I tried the
> > fbsd-questions list and got one answer that seems close to a solution.
> > 
> > The problem: One server is being hit with continuous 33,000-character
> > URLs which look like this:
> > 
> > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....
> > on & on...
> > 
> > ...then followed by another, and another.
> > 
> > One suggestion on the other list thought the following:
> > [...]Someone's trying a buffer overflow trick on you. The way this
> > technique would work is that the sender would attempt to send a request
> > too big for your system to handle; once it reaches the "too big" mark,
> > additional garbage would be sent to overwrite further, then finally a hex
> > request would be written to spawn a shell. I'm not too sure how to stop it
> > other than not placing a limit on how big of a url someone could send, or
> > automatically truncating anything over x amount of size.[...]
> > 
> > My new question on this list:
> > Can someone suggest the proper syntax for a directive to set a URL length
> > maximum?
> > 
> > Best regards,
> > Jack L. Stone,
> > Administrator
> > 
> > SageOne Net
> > http://www.sage-one.net
> > jackstone@sage-one.net
This e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
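Jack's question about capping URL length and the \x90-filled requests described above, as an added example that is not from this thread: Apache's LimitRequestLine directive (default 8190 bytes) caps the request line and answers anything longer with a 414, and the Python script below, which assumes Apache combined-log format and uses constructed sample lines, flags the log entries such traffic leaves so that both the cap and the activity can be checked.

```python
import re

# Parses Apache combined-log lines and flags request URIs shaped like the
# traffic in this thread: very long, mostly escaped bytes (Apache logs
# non-printables as \xhh), or a long run of \x90 (the x86 NOP filler).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3})'
)
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')

# Constructed sample (not from the thread): a normal request, a NOP-sled
# request answered 414 (Apache's status once the request line exceeds
# LimitRequestLine), a long but printable query, and an unparseable line.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [29/Mar/2004:09:24:31 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    '192.0.2.7 - - [29/Mar/2004:09:25:02 -0500] "GET /' + "\\x90\\x02\\xb1" * 200
    + ' HTTP/1.0" 414 0 "-" "-"',
    '10.0.0.11 - - [29/Mar/2004:09:25:07 -0500] "GET /search?q=' + "a" * 1500
    + ' HTTP/1.1" 200 88 "-" "-"',
    'malformed line that the parser must skip rather than crash on',
])

def analyse_request(req_line, max_uri=1024, sled_min=32):
    """Return the flags raised by one request line such as "GET /x HTTP/1.0"."""
    uri = req_line.split(" ", 2)[1] if " " in req_line else req_line
    escaped = ESCAPED_BYTE.findall(uri)
    nops = sum(1 for e in escaped if e.lower() == "\\x90")
    flags = []
    if len(uri) > max_uri:
        flags.append("long-uri")
    if nops >= sled_min:
        flags.append("nop-sled")
    if len(escaped) * 4 > len(uri) // 2:  # each escape is 4 log characters
        flags.append("binary-uri")
    return flags

def scan_log(text, **thresholds):
    """Return (findings, status_counts); findings are (ip, status, flags)."""
    findings, status_counts = [], {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: count these separately in production
        status = m.group("status")
        status_counts[status] = status_counts.get(status, 0) + 1
        flags = analyse_request(m.group("req"), **thresholds)
        if flags:
            findings.append((m.group("ip"), status, flags))
    return findings, status_counts
```

The 414 count is the quickest confirmation that the LimitRequestLine cap is actually biting; the "long-uri" flag on a printable query shows why the threshold has to be tuned to the site's real URLs before alerting on it.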

