On Mon, Sep 20, 2010 at 10:44 PM, Jason Haar <Jason.Haar@trimble.co.nz> wrote:
> Hi there
>
> As the vulnerability's exploit involves hammering the server with tonnes
> of web requests, I was wondering if there could be a way to block it with
> mod_security?
>
> http://www.theregister.co.uk/2010/09/20/asp_dot_net_padding_oracle_fix/
> http://www.microsoft.com/technet/security/advisory/2416728.mspx
> http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

Hi Jason,

While implementing Session Validation, as Ryan suggested, is probably a better solution, you may want to back that up with rate limiting requests, either via SecGuardianLog + http-guardian or in ModSec rules like:

https://secure.jwall.org/blog/2009/07/19/1248004300834.html

--
 - Josh
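
A sketch of the per-client rate limiting in ModSecurity rules that the reply above suggests, added here as an illustration; it is not taken from the thread or from the linked blog post. The rule ids, the 100-request threshold, the 60-second window and the SecDataDir path are assumptions to adapt to the site.

```apache
# Added example: per-client-IP request rate limiting with ModSecurity 2.x.
# Rule ids, threshold, window and the data directory are assumed values.

SecRuleEngine On

# Persistent collections (the IP collection used below) need a writable directory.
SecDataDir /var/cache/modsecurity

# Open (or create) the persistent collection keyed on the client address.
SecAction "id:1000001,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# Count every request from this address. expirevar is re-armed on each request,
# so the counter is only dropped after the client has been quiet for 60 seconds.
SecAction "id:1000002,phase:1,pass,nolog,setvar:ip.req_count=+1,expirevar:ip.req_count=60"

# Refuse further requests once the address has exceeded the threshold.
SecRule IP:REQ_COUNT "@gt 100" \
    "id:1000003,phase:1,deny,status:403,log,\
    msg:'Request rate limit exceeded for client IP',\
    logdata:'count=%{ip.req_count}'"
```

Clients behind a shared proxy or NAT share one counter, so the threshold should be sized against normal traffic from the busiest legitimate source before the rule is switched from logging to denying.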