[19602] in bugtraq


Re: def-2001-10: Websweeper Infinite HTTP Request DoS

daemon@ATHENA.MIT.EDU (van der Kooij, Hugo)
Mon Mar 12 04:25:22 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.30.0103112248490.11222-100000@bastion.hugo.vanderkooij.org>
Date:         Sun, 11 Mar 2001 22:54:31 +0100
Reply-To: Hugo.van.der.Kooij@CAIW.NL
From: "van der Kooij, Hugo" <Hugo.van.der.Kooij@CAIW.NL>
X-To:         Derek Kwan <dkwan@KWAN.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.10103081501150.8591-100000@KWAN.ca>

On Thu, 8 Mar 2001, Derek Kwan wrote:

> Dumb question... How's a FW going to prevent people from connecting to the
> web port and issuing this kind of Infinite HTTP request?
>
> Unless the FW also has some kind of realtime IDS built into it to block
> traffic in realtime... Am I correct?

Depends on the firewall. FireWall-1 allows you to use resource definitions
and you can limit the length of the URL.

However, I would not recommend letting the firewall do this. This kind of
thing is why I hired websweeper. It sounds stupid to protect a server
that is there to protect your network.

I'll raise this on Monday through the normal channels. We got customers on
websweeper and I find this rather disturbing.

Hugo.

PS: Using resource definitions this way would put extra load on your
firewall, which may be unwanted.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hugo@vanderkooij.org		http://hvdkooij.xs4all.nl/
--------------------------------------------------------------
