Bugtraq mailing list archives

Re: a cheesy Apache / IIS DoS vuln (+a question)

From: "William A. Rowe, Jr." <wrowe () rowe-clan net>
Date: Thu, 04 Jan 2007 02:34:14 -0600

Michal Zalewski wrote:

On Wed, 3 Jan 2007, William A. Rowe, Jr. wrote:

If you have an issue with this behavior, of HTTP, then you have an issue
with the behavior under FTP or a host of other protocols.


Not really; see above. These are typically well known, preventable by
configuring server-side limits, and require a much higher overhead.


On the matter of your 1GB window (which is, again, the real issue), you have
any examples of a kernel that permits that large a sliding window buffer by
default, or any examples where this is commonly set quite that high?  If
not, what is your logic for negotiating a packet window larger than the OS
will permit?

Current thread:

a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 03)
- Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 04)
  - Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
    - Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 04)
    - Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
    - Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
  - Re: a cheesy Apache / IIS DoS vuln (+a question) Gadi Evron (Jan 08)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Pieter de Boer (Jan 04)
  - Re: a cheesy Apache / IIS DoS vuln (+a question) Rob Sherwood (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Siim Põder (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) bugtraq (Jan 08)
  - Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 09)
    - Re: a cheesy Apache / IIS DoS vuln (+a question) bugtraq (Jan 10)