On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote: > #!/usr/bin/perl > > ######### > # Sample DOS against the Sambar HTTP-Server [snip] > print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n"; Using that many 9s on my version of Perl fails silently. The above seems equivalent to: print $remote "GET HTTP/1.0\n\n"; steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999;' steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;' Died at -e line 1. steve@grok:/home/steve% perl -v This is perl, version 5.005_03 built for i386-freebsd [etc.] I don't have a Sambar HTTP server to test against but it seems clear that the code won't work the way the author expected. Perl doesn't even try to build a string that long. If it did it would run out of memory and then fail. I conclude that the script as posted will not DoS the server even if it is vulnerable, unless a simple "GET HTTP/1.0" triggers the DoS. I suggest that until the nature of the DoS is clarified anyone using the script to test their own server should try it as-is, then try it with fewer 9s (probably 9999 or 99999, maybe more if it's a resource exhaustion DoS).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:01 PDT