Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp)

From: Roger Marquis <marquis () roble com>
Date: Sun, 16 May 1999 16:59:30 -0700 (PDT)
Has anyone attempted to browse:

        http://microsoft.com/NTServer/all/Downloads.asp 

using Netscape Navigator and noticed what seems to be an HTML denial
of service?  I've tested this page with Javascript on and off, Java on
and off, cookies on and off, under FreeBSD, Linux and Solaris and the
behavior is consistent:

        * Navigator freezes for several seconds
        * CPU utilization climbs briefly to near 100%
        * memory usage climbs by 11MB 
        * the 11MB or memory are not released even after leaving
          the page and clearing disk and RAM caches.

The page <HEAD> shows two possible sources for this extremely unusual
browser behavior:

        <HTML><HEAD>

        <META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1
        "http://www.rsac.org/ratingsv01.html"; l comment "RSACi North America
        Server" by "inet () microsoft com" r (n 0 s 0 v 0 l 0))'> <META
        NAME="MS.LOCALE" CONTENT="EN-US"> <LINK REL="stylesheet"
        TYPE="text/css" HREF="/NTServer/global/Netscape.css"> <SCRIPT
        SRC="/ntserver/inc/jscripts.js" LANGUAGE="javascript">

        </SCRIPT></HEAD>

Is there a tool (other than tcpdump) which can examine this
"Netscape.css" script?

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
Previous By Date Next
Previous By Thread Next

Current thread: