Re: What HTTP exploit?

2004-05-31 Thread Mike Nice
It seems to be another stupid Microsoft Exploit that just causes annoyance for Unix Boxes. The only side effect is they fill my dmesg logs with signal 11's from apache crashing. Am I the only one that sees the irony that Apache seg faults from an attack aimed at Msoft?!

Re: What HTTP exploit?

2004-05-31 Thread Vinny Abello
At 11:07 AM 5/31/2004, Mike Nice wrote: It seems to be another stupid Microsoft Exploit that just causes annoyance for Unix Boxes. The only side effect is they fill my dmesg logs with signal 11's from apache crashing. Am I the only one that sees the irony that Apache seg faults from an attack

Re: What HTTP exploit?

2004-05-31 Thread Laurence F. Sheldon, Jr.
Vinny Abello wrote: At 11:07 AM 5/31/2004, Mike Nice wrote: It seems to be another stupid Microsoft Exploit that just causes annoyance for Unix Boxes. The only side effect is they fill my dmesg logs with signal 11's from apache crashing. Am I the only one that sees the irony that Apache seg

Re: What HTTP exploit?

2004-05-31 Thread Paul G
- Original Message - From: Vinny Abello [EMAIL PROTECTED] To: Mike Nice [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, May 31, 2004 11:31 AM Subject: Re: What HTTP exploit? -- snip -- I thought if it can be crashed by cramming too much info into a buffer before it's truncated

Re: What HTTP exploit?

2004-05-31 Thread Bob Martin
The real irony is that it doesn't bother Apache running on NT :) In all fairness, somewhere along the line there was a patch for this. All my Apache servers do is put "request failed: URI too long" in the error log. Even without the fix it really wasn't anything more than a nuisance. Killing

Re: What HTTP exploit?

2004-05-31 Thread Jason Dixon
On May 31, 2004, at 12:45 PM, Bob Martin wrote: The real irony is that it doesn't bother Apache running on NT :) In all fairness, somewhere along the line there was a patch for this. All my Apache servers do is put request failed: URI too long in the error log. Even without the fix it really

What HTTP exploit?

2004-05-30 Thread John Palmer (NANOG Acct)
Can anyone identify this http exploit? Seen in the apache logs: foo.bar.com - - [30/May/2004:02:45:28 -0400] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\

RE: What HTTP exploit?

2004-05-30 Thread Todd Mitchell - lists
| Behalf Of John Palmer (NANOG Acct) | Sent: May 30, 2004 4:44 PM | | Can anyone identify this http exploit? Seen in the apache logs: | | foo.bar.com | - - [30/May/2004:02:45:28 -0400] SEARCH | /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\ |

Re: What HTTP exploit?

2004-05-30 Thread Matthew McGehrin
: Sunday, May 30, 2004 4:43 PM Subject: What HTTP exploit? Can anyone identify this http exploit? Seen in the apache logs: foo.bar.com - - [30/May/2004:02:45:28 -0400] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02

Re: What HTTP exploit?

2004-05-30 Thread Richard Welty
On Sun, 30 May 2004 15:43:58 -0500 John Palmer (NANOG Acct) [EMAIL PROTECTED] wrote: Can anyone identify this http exploit? Seen in the apache logs: foo.bar.com - - [30/May/2004:02:45:28 -0400] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\

Re: What HTTP exploit?

2004-05-30 Thread Suresh Ramasubramanian
Richard Welty [30/05/04 19:57 -0400]:
# control logging
SetEnvIf Request_URI ^/default.ida? dontlog
SetEnvIf Request_Method SEARCH dontlog
Nathan Torkington's vermicide helps - (needs mod_perl)
srs
# this goes into your httpd.conf file
#
# the push_handlers line below prevents