Bugtraq mailing list archives
Re: a cheesy Apache / IIS DoS vuln (+a question)
From: "William A. Rowe, Jr." <wrowe () rowe-clan net>
Date: Thu, 04 Jan 2007 02:34:14 -0600
Michal Zalewski wrote:
On Wed, 3 Jan 2007, William A. Rowe, Jr. wrote:If you have an issue with this behavior, of HTTP, then you have an issue with the behavior under FTP or a host of other protocols.Not really; see above. These are typically well known, preventable by configuring server-side limits, and require a much higher overhead.
On the matter of your 1GB window (which is, again, the real issue), you have any examples of a kernel that permits that large a sliding window buffer by default, or any examples where this is commonly set quite that high? If not, what is your logic for negotiating a packet window larger than the OS will permit?
Current thread:
- a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 03)
- Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Michal Zalewski (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Gadi Evron (Jan 08)
- Re: a cheesy Apache / IIS DoS vuln (+a question) Rob Sherwood (Jan 04)
- Re: a cheesy Apache / IIS DoS vuln (+a question) William A. Rowe, Jr. (Jan 09)
- Re: a cheesy Apache / IIS DoS vuln (+a question) bugtraq (Jan 10)