Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: a cheesy Apache / IIS DoS vuln (+a question)
Jan 05 2007 08:45AM
bugtraq (bugtraq securityfocus lists bitrouters com)
to kill is enough not to finish the request and let it timeout on server side.
no ddos/dos protection layers can stand against this attack (as far as i know) and the scenario is simple
1. fingerprint the timeout on serverside
2. dig the sitemap from target
3. build a list of browsers to advertise ...
[ more ]
Copyright 2010, SecurityFocus