[70902] in North American Network Operators' Group
Re: What HTTP exploit?
daemon@ATHENA.MIT.EDU (Laurence F. Sheldon, Jr.)
Mon May 31 11:36:56 2004
Date: Mon, 31 May 2004 10:34:23 -0500
From: "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net>
To: nanog@merit.edu
In-Reply-To: <6.1.1.1.2.20040531112940.04dac5c0@pop3.tellurian.com>
Errors-To: owner-nanog-outgoing@merit.edu
Vinny Abello wrote:
> At 11:07 AM 5/31/2004, Mike Nice wrote:
>
>> >It seems to be another stupid Microsoft Exploit that just
>> >causes annoyance for Unix Boxes.
>> >The only side effect is they fill my dmesg logs with
>> >signal 11's from apache crashing.
>>
>> Am I the only one that sees the irony that Apache seg faults from an
>> attack aimed at Msoft?!
>
> I mentioned that too to the original poster, but they didn't seem that
> concerned since Apache respawns itself. I thought if it can be crashed
> by cramming too much info into a buffer before it's truncated, that's
> considered a buffer overflow. I'm no programmer and may be off base here
> but it just struck me as odd also. You're not alone Mike. :)
I'm not sure what the background message is here--and I certainly don't
know the issues involved in handling the attack gracefully are, but it
does seem clear to me that crash-and-respawn is a better idea than
multiply-the-attacker-and-the-damage-diameter is.
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
