[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why Linux, Why Debian

On Sun, 22 Feb 2004 00:19, Andrew Suffield <asuffield@debian.org> wrote:
> > There have been some DoS attacks based on a url of the form:
> > http://localhost:19/whatever
> >
> > From memory they affected Netscape Navigator and IE, and some web proxy
> > software.
> >
> > Whether this is the fault of the application for not having some limit to
> > memory use is something that we can debate.  Chargen-TCP has been used as
> > part of a DoS attack, and turning it off will alleviate some things.
> file:///dev/zero works too, or telling them to run :(){:&:};: in a
> shell. That's not a DoS attack, that's a user-is-a-moron attack.

If the user has to type in the URL with :19 then it means it's a "user is a 
newbie" attack, we can't expect everyone to know the meaning of :19 (I had to 
look it up to write the previous message as I couldn't remember it).

"localhost" can be replaced by any DNS name that has an A record of

Such a URL could be included in a frame where the user would be unable to see 
it before it gets loaded.

You might say "if the user clicks on something in their web browser and 
nothing happens but the hard disk light stays on they are a moron if they 
don't click the stop button".  But even that relies on a moderate amount of 
computer knowledge.

You are correct that a file:///dev/zero URL works too (in the latest version 
of Mozilla it results in /dev/zero being copied to /tmp/something until all 
disk space is full).  This however is something that should be fixed in 

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: