[23550] in bugtraq
Re: IIS 5.0 Content Length DOS vulnerability
daemon@ATHENA.MIT.EDU (Eric Maiwald)
Tue Dec 18 19:09:36 2001
Date: Tue, 18 Dec 2001 13:59:01 -0500 (EST)
From: Eric Maiwald <emaiwald@fred.net>
To: <bugtraq@securityfocus.com>
In-Reply-To: <200112181811.fBIIBmk00917@mailhost.freebsd.lublin.pl>
Message-ID: <Pine.GSO.4.32.0112181355570.9919-100000@shell.xecu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
We have been testing the script posted by Mr. Hernandez on an IIS 5.0
system running over Win2k SP1. We can get the connections to exist
but after a time, they time out and close. There does not appear to
be any deterioration in the system performance.

Anyone have any more information on this that may indicate how the
DOS actually occurs? Is it a certain number of open connections in
a short period of time?

Also, does anyone have any information as to whether the content-length
parameter gets mangled under normal conditions or is this DOS only
likely in a real attack?

Eric
---------------------------------------------------------------------
Eric Maiwald, CISSP emaiwald@fred.net
Chief Technology Officer 301-977-6966
Fortrex Technologies, Inc. Gaithersburg, MD
---------------------------------------------------------------------