HTTP 1.1 TRACE Command

From: Clinton Smith (festiveat_private)
Date: Thu Feb 07 2002 - 18:49:59 PST

Next message: Colby Marks: "RE: Reported Kazaa and Morpheus vulnerabilities"

Previous message: Robert Collins: "Re: directory traversal"
In reply to: Olaf Kirch: "Re: ssh"
Next in thread: Clinton Smith: "Re: HTTP 1.1 TRACE Command"
Reply: Clinton Smith: "Re: HTTP 1.1 TRACE Command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is there an HTTP protocol guru out there?

In the name of Development, I have been playing with the HTTP
TRACE command. If I understand the RFC correctly (which I may not).

TRACE sets up a loopback of sorts for testing.

Would it be possible to do something along the following lines:

Send a TRACE directive to a webserver via a spoofed network broadcast address?
To illicit a DOS of sorts (similar to smurf,fraggle)? or is there some mechanism
preventing this?

As the packets would be on 80 they would have some mobility though firewalls etc.

What do you think?

Kind Regards,
Clinton Smith

Next message: Colby Marks: "RE: Reported Kazaa and Morpheus vulnerabilities"
Previous message: Robert Collins: "Re: directory traversal"
In reply to: Olaf Kirch: "Re: ssh"
Next in thread: Clinton Smith: "Re: HTTP 1.1 TRACE Command"
Reply: Clinton Smith: "Re: HTTP 1.1 TRACE Command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 19:40:48 PST