Forum Discussion
Latest Apache range headers DOS vulnerability signature suggestion
Hi ,
You probably heard about this latest Apace DOS vulnerability.
http://www.kb.cert.org/vuls/id/405811
Here is a suggestion to add 2 signatures that will block such attack (base...
BT_90520
Nimbostratus
NimbostratusThere is also a recent enhancement of Killer Apache @ http://www.pentestit.com/killapache-redone-ddos/
Difference Between Old and New Modified Exploit:
< $p = “HEAD / HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”; — > $p = “HEAD “.($ARGV[2] ? $ARGV[2] : “/”).”HTTP/1.1rnHost: $ARGV[0]rnRange:bytes=0-$prnAccept-Encoding: gziprnConnection: closernrn”;
