On Mon, Sep 20, 2010 at 10:44 PM, Jason Haar <Jas...@tr...> wrote:
> Hi there
>
> As the vulnerability's exploit involves hammering the server with tonnes
> of webrequests, I was wondering if there could be a way to block it with
> mod_security?
>
> http://www.theregister.co.uk/2010/09/20/asp_dot_net_padding_oracle_fix/
> http://www.microsoft.com/technet/security/advisory/2416728.mspx
>
> http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
>
>
Hi Jason,
While implementing Session Validation, as Ryan suggested, is probably a
better solution, you may want to back that up with rate limiting requests,
either via SecGuardianLog + http-guardian or in ModSec rules like:
https://secure.jwall.org/blog/2009/07/19/1248004300834.html
--
- Josh
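
A per-client rate limit of the kind suggested above, written as ModSecurity 2.x rules. This is an added example, not taken from the thread or the linked post; the rule ids, thresholds, block duration and `SecDataDir` path are assumptions to tune for the site.

```apache
# Added example: ids, thresholds and paths below are assumptions.
# Persistent collections need a data directory writable by the web server.
SecDataDir /var/cache/modsecurity

# Load (or create) the per-client collection keyed on the source address.
SecAction "id:900100,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Clients already flagged stay blocked until ip.blocked expires.
SecRule IP:BLOCKED "@eq 1" \
    "id:900101,phase:1,deny,status:503,nolog"

# Count every request and decay the counter by 50 every 10 seconds,
# so ordinary browsing never accumulates towards the threshold.
SecAction "id:900102,phase:1,nolog,pass,setvar:ip.requests=+1,deprecatevar:ip.requests=50/10"

# Above 200 outstanding requests: log once, then block the client for 5 minutes.
SecRule IP:REQUESTS "@gt 200" \
    "id:900103,phase:1,deny,status:503,log,msg:'Request rate limit exceeded',setvar:ip.blocked=1,expirevar:ip.blocked=300"
```

Clients behind a shared proxy or NAT address share one counter, so the threshold has to allow for the busiest legitimate source.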