Re: [Full-disclosure] Regarding RSnake FD
- To: "sl@cker" <sl@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Regarding RSnake FD
- From: Jah wont_pay_the_bills <stopthesesdude@xxxxxxxxx>
- Date: Thu, 18 Jun 2009 07:03:07 -0400
I'm out of doobies, and I get nervous when I read lines like this:
"=head1 AFFECTS
Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, Squid, others...?
=head1 NOT AFFECTED
IIS6.0, IIS7.0, lighthttpd, others...?"
2009/6/18 sl@cker <sl@xxxxxxxxx>
> Chill, the Apache folks said it was OK...maybe you should have read the
> whole post.
>
> security@xxxxxxxxxx:
> "DoS attacks by tying up TCP connections are expected. Please see:
>
> http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos
>
> Regards, Joe"
>
> The Apache guys clearly stated that this was expected behavior, we
> simply made another test case for the "expected", why the outrage?
>
> Additionally there are ways to defend against this already, which also
> cover other DoS attacks, not to mention most enterprises with load
> balancers aren't affected anyway (F5 and Netscaler tested).
>
> -id
> ha.ckers.org
>
> >Hey,
> >
> >Regarding this script-kiddie perfect tool
> >http://milw0rm.com/exploits/8976 and this article:
> >http://ha.ckers.org/blog/20090617/slowloris-http-dos/
> >
> >Are you fucking NUTS ?
> >
> >What's your point? You wanna get famous? Need attention or something? Or
> >it's a commercial issue?
> >
> >What gives you the right to give that knowledge to any unknowledgeable kids
> >around?
> >
> >You feel hot or wanna feel hot or something ?
> >
> >Dude, you're a fucking prick.
> >
> >Now lots of enterprises are in deep shit, feeling happy with it?
> >Feeling the blackhat adrenaline growing in you?
> >You're a kid that doesn't understand an oz of your disclosure.
> >
> >You're an asshole who doesn't even understand what it means to work in the
> >security industry.
> >I guess you're like Aelphaeis Mangarae, who likes to talk about why we
> >should say fuck u to FD while posting NOOBS paper about PHP security issue
> >on MILW0RM
> >GET A FUCKING BRAIN ASSHOLE, you're a real prick.
> ~
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>