Re: DoS on POSTS

2001-10-28 Thread Marc Slemko
On Sat, 27 Oct 2001, William A. Rowe, Jr. wrote: > Requesting this; > > POST /cgi-bin/printenv.pl HTTP/1.1 > Content-Length:80 > Host:localhost > > and stalling, I get a 5 minute pause, followed by; > > HTTP/1.1 200 OK > Date: Sat, 27 Oct 2001 16:55:02 GMT > Server: Apache/2.0.27-dev (Win32) D

Re: DoS on POSTS

2001-10-27 Thread William A. Rowe, Jr.
From: "Jon Travis" <[EMAIL PROTECTED]> Sent: Saturday, October 27, 2001 1:24 AM > Like I said in my follow up post to my original, you don't even > need to post the data to actually have this occur. I telneted > to the server, and let it sit there for like 47 minutes before > I killed it. I ne

Re: DoS on POSTS

2001-10-27 Thread Jon Travis
Like I said in my follow up post to my original, you don't even need to post the data to actually have this occur. I telneted to the server, and let it sit there for like 47 minutes before I killed it. I never had it time out. -- Jon On Fri, Oct 26, 2001 at 11:51:59AM -0700, Ryan Bloom wrote:

Re: DoS on POSTS

2001-10-27 Thread William A. Rowe, Jr.
From: "Ryan Bloom" <[EMAIL PROTECTED]> Sent: Friday, October 26, 2001 1:51 PM > On Thursday 25 October 2001 08:52 pm, Ryan Bloom wrote: > > > It seems that there is a possibility for DoS on Apache servers > > > when doing a POST. On search.apache.org, I can send the following > > > request: > >

Re: DoS on POSTS

2001-10-26 Thread Ryan Bloom
On Thursday 25 October 2001 08:52 pm, Ryan Bloom wrote: > > It seems that there is a possibility for DoS on Apache servers > > when doing a POST. On search.apache.org, I can send the following > > request: > > > > PUT / HTTP/1.1 > > Host: search.apache.org:80 > > Content-Length: 1000 > > > > > >

Re: DoS on POSTS

2001-10-26 Thread Ryan Bloom
> It seems that there is a possibility for DoS on Apache servers > when doing a POST. On search.apache.org, I can send the following > request: > > PUT / HTTP/1.1 > Host: search.apache.org:80 > Content-Length: 1000 > > > And just let it sit there forever. search.apache.org is running 2.0.24, >

DoS on POSTS

2001-09-24 Thread Jon Travis
It seems that there is a possibility for DoS on Apache servers when doing a POST. On search.apache.org, I can send the following request: PUT / HTTP/1.1 Host: search.apache.org:80 Content-Length: 1000 And just let it sit there forever. search.apache.org is running 2.0.24, and I'm running out