[ILUG-BOM] Web server buffer overflows
S. Krishnan
sri_krishnan@[EMAIL-PROTECTED]
Fri Jul 20 16:26:02 IST 2001
--- Satya <satyap at satya.virtualave.net> wrote:
> On Jul 20, 2001 at 01:13, Philip S Tellis wrote:
>
> >Sometime on Jul 19, Satya assembled some asciibets
> to say:
> [someone else said:]
> >> >Sure looks like one. Log the IP and complain to
> the
> >> >ISP as well as to CAUCE.
> >> Unless it's a DoS, he has no reasonable cause to
> complain. And why
> >> CAUCE?
> >
> >I don't think a DoS works if a hit happens once in
> five to twelve hours.
>
Maybe you ought to read up on the differences between
buffer overflows and DoS attacks.:-)
> Yes, which is why you have no real cause for
> complaint. The URL is
> suspicious, but can you complain about a suspicious
> request based on
> that particular one? (That is not a rhetorical
> question.)
>
If someone hits my server with oversized packets
designed to cause a buffer overflow, I would most
definitely regards it as a cause for complaint. DoS
has nothing to do with this stuff, since here the
attacker is trying to compromise the HTTP server
process by causing a buffer overrun and dropping into
a system shell. There is IMO legitimate cause for a
complaint to the originating ISP, since they will then
presumably put the attacker under watch. This just
might serve as a deterrent to future attacks.
> And CAUCE has no bearing on this at all. Coalition
> Against Unsolicited
> Commercial Email? It's HTTP, not SMTP.
Quite.
Krishnan
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
More information about the Linuxers
mailing list