
Re: SEARCH attack



I see these all the time myself and to turn the server into a black 
hole when it comes to exploitable code is an interesting idea. 
Blocking the NOP operation by blocking x90 does that pretty nicely on 
its own, however you could also block a jmp/mov instruction if you 
really wanted to be 'safe', but some users like using hex values for 
things, so it's a trade-off since people tend to move to other service 
providers when they find out their current one doesn't allow the 
input needed by their favorite script.

Perhaps switching 'http://www.microsoft.com' from that howto with 
'localhost' would be even more interesting; but from a legal 
standpoint the water is murky on that scale.

 - D

On 7 Jun 2004 at 16:41, Dena Whitebirch wrote:

> 
> I was getting pounded by these too and am wondering though if it worried
> anyone else that we might be considered to be attacking Microsoft by
> doing this rewrite?  Might there be a similar way to just 'stop' them like
> sending them to /dev/null or something?
> 
> > http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en
> 
> Regards,
> 
> Dena A. Whitebirch
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
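
Added example, not part of the original messages: the trade-off described in the reply above (a blanket block on x90 also catches users who pass hex values to scripts), shown as a check over Apache access-log lines, where non-printable request bytes appear as \xhh escapes. The log lines, addresses, script name and the threshold of 8 are constructed assumptions.

```python
import re

# Request field of a common/combined log line: "METHOD URI [PROTOCOL]".
# The protocol is optional because an over-long request line may be logged without it.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>[^\s"]*)(?: [^"]*)?"')
# Apache logs a raw 0x90 byte in the request line as the four characters \x90.
ESCAPED_NOP_RE = re.compile(r'\\x90')
MIN_NOPS = 8  # assumed threshold, tune against your own logs

# Constructed sample lines (not captured traffic); documentation address ranges.
SAMPLE_LOG = [
    r'192.0.2.10 - - [07/Jun/2004:16:02:11 +0000] "SEARCH /\x90\x02'
    + r'\x90' * 40 + r'" 414 340 "-" "-"',
    r'198.51.100.7 - - [07/Jun/2004:16:05:40 +0000] '
    r'"GET /cgi-bin/color.pl?rgb=0x90a0b0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [07/Jun/2004:16:06:02 +0000] '
    r'"GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def naive_match(line):
    """The blanket rule: anything containing the text x90 is treated as hostile."""
    return "x90" in line


def classify(line):
    """Narrower rule: require the method and escaped 0x90 bytes in the URI."""
    m = REQUEST_RE.search(line)
    if m is None:
        return "unparsed"
    nops = len(ESCAPED_NOP_RE.findall(m.group("uri")))
    if m.group("method") == "SEARCH" and nops >= MIN_NOPS:
        return "search-probe"
    if nops >= MIN_NOPS:
        return "escaped-nops"  # same byte pattern under another method
    return "ok"


def compare(lines):
    """Return (naive verdict, narrow verdict) for each line."""
    return [(naive_match(line), classify(line)) for line in lines]


if __name__ == "__main__":
    for line, (naive, narrow) in zip(SAMPLE_LOG, compare(SAMPLE_LOG)):
        print(f"naive={naive!s:5} narrow={narrow:12} {line[:60]}")
```

The second sample line is the false positive the reply warns about: the blanket rule flags a script parameter that merely contains the text x90, while the narrower rule leaves it alone.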





