Re: IIS 5.0 Content Length DOS vulnerability

From: Eric Maiwald (emaiwaldat_private)
Date: Tue Dec 18 2001 - 10:59:01 PST

Next message: corecodeat_private: "wmcube-gdk is vulnerable to a local exploit"

Previous message: Georgi Guninski: "Re: MSIE may download and run progams automatically - NOT SO FAST"
In reply to: Przemyslaw Frasunek: "Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We have been testing the script posted by Mr. Hernandez on an IIS 5.0
system runnion over Win2k SP1. We can get the connections to exist
but after a time, they time out and close. There does not appear to
be any deterioration in the system performance.

Anyone have any more information on this that may indicate how the
DOS actually occurs?  Is it a certain number of open connections in
a short period of time?

Also, does anyone have any information as to whether the content-length
parameter gets mangled under normal conditions or is this DOS only
likely in a real attack.

Eric

---------------------------------------------------------------------
Eric Maiwald, CISSP                                 emaiwaldat_private
Chief Technology Officer                                 301-977-6966
Fortrex Technologies, Inc.                           Gaithersburg, MD
---------------------------------------------------------------------

Next message: corecodeat_private: "wmcube-gdk is vulnerable to a local exploit"
Previous message: Georgi Guninski: "Re: MSIE may download and run progams automatically - NOT SO FAST"
In reply to: Przemyslaw Frasunek: "Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 16:05:52 PST