Posted to users@httpd.apache.org by Björn Friebel <dr...@uni.de> on 2004/03/29 18:07:04 UTC

[users@httpd] Re: URL - 33000 Characters Length

hello 

It does not affect Unix systems ;) 
It's an attack against IIS, but I do not understand why this kiddy tries it against an Apache *smile* 
take a look here: 
http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf

greetz 
Björn 


"Jack L. Stone" <ja...@sage-one.net> wrote in message news:3.0.5.32.20040329092431.01f29380@10.0.0.10...
> Dear list:
> The other day, I asked for help on this issue which I believed was on-topic
> for this list. Since I did not get an answer, I tried the fbsd-questions
> list and got one answer that seems close to a solution.
> 
> The problem: One server is being hit with continuous 33,000-character
> URLs which look like this:
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....
> on & on...
> 
> ...then followed by another, and another.
> 
> One suggestion on the other list thought the following:
> [...]Someone's trying a buffer overflow trick on you. The way this
> technique would work is that the sender would attempt to send a request too
> big for your system to handle, once it reaches the "too big" mark,
> additional garbage would be sent to overwrite further, then finally a hex
> request would be written to spawn a shell. I'm not too sure how to stop it
> other than not placing a limit on how big of a url someone could send, or
> automatically truncating anything over x amount of size.[...]
> 
> My new question on this list:
> Can someone suggest the proper syntax for a directive to set a URL length
> maximum?
> 
> Best regards,
> Jack L. Stone,
> Administrator
> 
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
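
Added example, not part of either message and not Apache's own code: a log check that flags requests like the ones described above in an access log, by request-line size, by the share of \xhh-escaped bytes, and by a 414 response. The Common Log Format layout, the 8190-byte threshold (Apache's default for `LimitRequestLine`, the directive that caps request-line length), the 0.5 ratio and the sample lines are assumptions of this example.

```python
import re
from collections import Counter

# Common Log Format prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*?)" (\d{3}) ')
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')  # \xhh escapes, as in the URLs quoted above

MAX_REQUEST_LINE = 8190  # assumption: Apache's default LimitRequestLine
MAX_BINARY_RATIO = 0.5   # assumption: threshold picked for this example

def classify(line):
    """Return (host, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, request, status = m.groups()
    escapes = len(ESCAPE_RE.findall(request))
    wire_len = len(request) - 3 * escapes  # each 4-char \xhh was 1 byte on the wire
    reasons = []
    if wire_len > MAX_REQUEST_LINE:
        reasons.append("oversized")
    if wire_len and escapes / wire_len >= MAX_BINARY_RATIO:
        reasons.append("binary")
    if status == "414":  # Request-URI Too Long
        reasons.append("rejected-414")
    return host, reasons

def summarize(lines):
    """Count flagged requests per client address."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits[result[0]] += 1
    return hits

# Constructed sample log (documentation addresses, not real traffic).
FILLER = "\\x90\\x02\\xb1" * 11000  # the byte pattern quoted above, 33,000 bytes
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2004:09:20:01 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Mar/2004:09:20:05 -0600] "GET /' + FILLER + '" 414 340',
    '192.0.2.11 - - [29/Mar/2004:09:20:07 -0600] "GET /caf\\xc3\\xa9.html HTTP/1.1" 200 810',
    '198.51.100.7 - - [29/Mar/2004:09:20:09 -0600] "GET /' + FILLER + '" 414 340',
]

if __name__ == "__main__":
    for host, count in summarize(SAMPLE_LOG).items():
        print(host, count)
```

The third sample line is a short UTF-8 path with two escaped bytes; it stays unflagged because the ratio test looks at the whole request line rather than at the mere presence of an escape.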


