It seems to be another stupid Microsoft Exploit that just
causes annoyance for Unix Boxes.
The only side effect is they fill my dmesg logs with
signal 11's from apache crashing.
Am I the only one that sees the irony that Apache seg faults from an
attack aimed at Msoft?!
At 11:07 AM 5/31/2004, Mike Nice wrote:
It seems to be another stupid Microsoft Exploit that just
causes annoyance for Unix Boxes.
The only side effect is they fill my dmesg logs with
signal 11's from apache crashing.
Am I the only one that sees the irony that Apache seg faults from an
attack
Vinny Abello wrote:
At 11:07 AM 5/31/2004, Mike Nice wrote:
It seems to be another stupid Microsoft Exploit that just
causes annoyance for Unix Boxes.
The only side effect is they fill my dmesg logs with
signal 11's from apache crashing.
Am I the only one that sees the irony that Apache seg
- Original Message -
From: Vinny Abello [EMAIL PROTECTED]
To: Mike Nice [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, May 31, 2004 11:31 AM
Subject: Re: What HTTP exploit?
-- snip --
I thought if it can be crashed by
cramming too much info into a buffer before it's truncated
The real irony is that it doesn't bother Apache running on NT :)
In all fairness, somewhere along the line there was a patch for this.
All my Apache servers do is put "request failed: URI too long" in the
error log. Even without the fix it really wasn't anything more than a
nuisance. Killing
On May 31, 2004, at 12:45 PM, Bob Martin wrote:
The real irony is that it doesn't bother Apache running on NT :)
In all fairness, somewhere along the line there was a patch for this.
All my Apache servers do is put request failed: URI too long in the
error log. Even without the fix it really
Can anyone identify this http exploit? Seen in the apache logs:
foo.bar.com
- - [30/May/2004:02:45:28 -0400] SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
| Behalf Of John Palmer (NANOG Acct)
| Sent: May 30, 2004 4:44 PM
|
| Can anyone identify this http exploit? Seen in the apache logs:
|
| foo.bar.com
| - - [30/May/2004:02:45:28 -0400] SEARCH
| /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
|
: Sunday, May 30, 2004 4:43 PM
Subject: What HTTP exploit?
Can anyone identify this http exploit? Seen in the apache logs:
foo.bar.com
- - [30/May/2004:02:45:28 -0400] SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
On Sun, 30 May 2004 15:43:58 -0500 John Palmer (NANOG Acct) [EMAIL PROTECTED]
wrote:
Can anyone identify this http exploit? Seen in the apache logs:
foo.bar.com
- - [30/May/2004:02:45:28 -0400] SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
Richard Welty [30/05/04 19:57 -0400]:
# control logging
SetEnvIf Request_URI ^/default.ida? dontlog
SetEnvIf Request_Method SEARCH dontlog
Nathan Torkington's vermicide helps - (needs mod_perl)
srs
# this goes into your httpd.conf file
#
# the push_handlers line below prevents
11 matches
Mail list logo