[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Regarding RSnake FD



Chill, the Apache folks said it was OK...maybe you should have read the 
whole post.

security@xxxxxxxxxx:
"DoS attacks by tying up TCP connections are expected. Please see:

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

Regards, Joe"

The Apache guys clearly stated that this was expected behavior, we 
simply made another test case for the "expected", why the outrage?

Additionally there are ways to defend against this already, which also 
cover other DoS attacks, not to mention most enterprises with load 
balancers aren't affected anyway (F5 and Netscaler tested).

-id
ha.ckers.org

 >Hey,
 >
 >Regarding this script-kiddie perfect tool
 >http://milw0rm.com/exploits/8976and this article :
 >http://ha.ckers.org/blog/20090617/slowloris-http-dos/
 >
 >Are you fucking NUTS ?
 >
 >What's your point ? you wanna get famous ?, need attention or 
something ? or
 >it's a commercial issue ?
 >
 >What gives you the right to give that knowledge to any unknowledged kids
 >arounds ?
 >
 >You feel hot or wanna feel hot or something ?
 >
 >Dude, your a fucking prick.
 >
 >Now lot's of enterprises are in deep shit, feeling happy with it ?
 >Feeling the blackhat adrenaline groing in you ?
 >You're a kid that doesnt understand an oz of your disclosure.
 >
 >You're an asshole who doesnt even understand what means work in the 
security
 >industry.
 >I guess you're like Aelphaeis Mangarae, who like to talk about, why we
 >should say fuck u to FD while posting NOOBS paper about PHP security issue
 >on MILW0RM
 >GET A FUCKING BRAIN ASSHOLE, you're a real prick.
~                                                                               
                                                         

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/