BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 08:45AM
bugtraq (bugtraq securityfocus lists bitrouters com)

to kill is enough not to finish the request and let it timeout on server side.
no ddos/dos protection layers can stand against this attack (as far as i know) and the scenario is simple
1. fingerprint the timeout on serverside
2. dig the sitemap from target
3. build a list of browsers to advertise ...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus