Bugtraq mailing list archives
Re: Web servers / possible DOS Attack / mime header flooding
From: lars () APACHE ORG (Lars Eilebrecht)
Date: Fri, 4 Sep 1998 00:00:26 +0200
-----BEGIN PGP SIGNED MESSAGE----- According to Laurent FACQ:
# mimeflood.pl - 02/08/1998 - L.Facq (facq () u-bordeaux fr)
This is generally a variant of the recently posted Sioux DoS attack and if you have applied the patch posted by Ben Laurie this 'mimeflood' script won't harm your server in any way. FYI, the next version of Apache will include the following new directives: - LimitRequestLine: limits the size of the request line - LimitRequestFields: limits the number of header lines - LimitRequestFieldsize: limits the size of each header line - LimitRequestBody: limits the size of the entity-body Sensible default values are used if the directives are unset which will prevent the server from beeing flooded with bogus requests... [...]
################################################## #From Roy T. Fielding / Sep 2 '98 at 12:57 pm -420 # #[...] #> #> -> may be a limit on mime header number could be added. # #Such limits have already been added to 1.3.2-dev. # #.....Roy
Redistributing private email is considered to be very rude... or do you have the permission from Roy to post his message? Regards... - -- Lars Eilebrecht sfx () unix-ag org lars () apache org -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 iQCSAwUBNe8ReT6Pt/L4g0HZAQFw3gPmMDISBodr5OAVDWfVNLygwTbFIHm0vbGP qJ+mDspBxFr39OJq+VwdNd32onHcJlcTWqAMhxQjSV4u4SlvzRPVD8U7X0QeCO4A XjskKT+n72lw94VL6Q0tmpomzeQVh3wrasRe4H9z5injONyiS7avWwyNIN79FMT2 uH6QMzc= =5cLS -----END PGP SIGNATURE-----
Current thread:
- Re: Security Hole in Axent ESM, (continued)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Sep 01)
- Re: Security Hole in Axent ESM Taral (Sep 02)
- Re: Security Hole in Axent ESM Patrick (Sep 02)
- Borderware predictable initial TCP racer-x () ALTAVISTA NET (Sep 02)
- Re: Borderware predictable initial TCP Aggelos P. Varvitsiotis (Sep 03)
- Web servers / possible DOS Attack / mime header flooding Laurent FACQ (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Vanja Hrustic (Sep 03)
- wwwboard.pl vulnerability bugtraq (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Rich Wood (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Daniel Leeds (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Lars Eilebrecht (Sep 03)
- Re: Security Hole in Axent ESM Taral (Sep 02)
- Fwd: [ISN] Another BO detector that is actually a trojan Reuben Yau (Sep 03)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Sep 03)
- Back Orifice detection and removal The Late Ian Angles (Sep 03)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Sep 01)
- Cisco Security Notice: PIX Firewall Manager File Exposure psirt () CISCO COM (Sep 02)