Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IIS 5.0 Content Length DOS vulnerability

From: Eric Maiwald <emaiwald () fred net>
Date: Tue, 18 Dec 2001 13:59:01 -0500 (EST)
We have been testing the script posted by Mr. Hernandez on an IIS 5.0
system runnion over Win2k SP1. We can get the connections to exist
but after a time, they time out and close. There does not appear to
be any deterioration in the system performance.

Anyone have any more information on this that may indicate how the
DOS actually occurs?  Is it a certain number of open connections in
a short period of time?

Also, does anyone have any information as to whether the content-length
parameter gets mangled under normal conditions or is this DOS only
likely in a real attack.

Eric

---------------------------------------------------------------------
Eric Maiwald, CISSP                                 emaiwald () fred net
Chief Technology Officer                                 301-977-6966
Fortrex Technologies, Inc.                           Gaithersburg, MD
---------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: