Bugtraq mailing list archives
3Ware 3DM denial of service attack
From: "Neulinger, Nathan" <nneul () umr edu>
Date: Thu, 30 Jan 2003 09:57:37 -0600
I've reported this to 3ware at least twice, and never received any response. Previously I didn't have a test case other than "run a nessus scan against the host". I've narrowed it down to a reproducible minimum test case now. If you connect to 3dm port 1080 on either linux or windows and send: GET / HTTP/1.1 Host: foo Accept-Charset: bar 3dm server will terminate immediately. Other 3dm problems - it flips out and refuses to accept a login if you have ANY cookies sent. This screws you over if you have a sitewide .domain.edu cookie for example. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nneul () umr edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216
Current thread:
- 3Ware 3DM denial of service attack Neulinger, Nathan (Jan 30)
- Re: 3Ware 3DM denial of service attack Jason Giglio (Jan 30)