[19590] in bugtraq
Re: def-2001-10: Websweeper Infinite HTTP Request DoS
daemon@ATHENA.MIT.EDU (Derek Kwan)
Sun Mar 11 14:37:42 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Message-ID: <Pine.LNX.4.10.10103081501150.8591-100000@KWAN.ca>
Date: Thu, 8 Mar 2001 15:03:51 -0500
Reply-To: Derek Kwan <dkwan@KWAN.CA>
From: Derek Kwan <dkwan@KWAN.CA>
X-To: =?iso-8859-1?Q?Peter_Gr=FCndl?= <peter.grundl@DEFCOM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <00a001c0a7d8$ac5a56b0$71002d0a@dk.defcomsec.com>
Content-Transfer-Encoding: 8bit
Dumb question... How's a FW going to prevent people connect to the web
port and issue this kind of Infinite HTTP request?
Unless the FW also have some kind of realtime IDS build into it to block
traffic in realtime... Am I correct?
Derek
On Thu, 8 Mar 2001, [iso-8859-1] Peter Gründl wrote:
> ======================================================================
> Defcom Labs Advisory def-2001-10
>
> Websweeper Infinite HTTP Request DoS
>
> Author: Peter Gründl <peter.grundl@defcom.com>
> Release Date: 2001-03-08
> ======================================================================
[snip...]
>
> GET / HTTP/1.0
> Host: www.foo.org
> referrer: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.................
[snip...]
>
> ---------------------------=[Workaround]=-----------------------------
> None known, the vendor suggest placing a firewall infront of the
> websweeper application.
>
