On 9/20/10 4:44 PM, "Jason Haar" <Jas...@tr...> wrote:
> Hi there
>
> As the vulnerability's exploit involves hammering the server with tonnes
> of web requests, I was wondering if there could be a way to block it with
> mod_security?
>
> http://www.theregister.co.uk/2010/09/20/asp_dot_net_padding_oracle_fix/
> http://www.microsoft.com/technet/security/advisory/2416728.mspx
> http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

Hey Jason,
I have tested it specifically against this type of attack; however, in
theory, implementing SessionID Validation rules within ModSecurity should
prevent the attack. I outlined this in my blog post last week and actually
referenced this attack -
http://blog.modsecurity.org/2010/09/advanced-topic-of-the-week-validating-sessionids.html
Let me know if this works,
Ryan