From: David G. <dav...@po...> - 2004-10-06 05:36:43
Colin McCormack <co...@ch...> wrote:

>I've been noticing quite a few extremely long bogus URLs, presumably
>from MS virus-ridden machines attempting a buffer overflow in some
>lamentably bad MS web server (ISS?)
>
>The URLs have the form SEARCH / followed by 64Kb of 0x902f 0xb102 ...
>
>I think this really clags up our regexp at lib/httpd.tcl line 611 (the
>one in state 1,$start which splits the line up into prototype and URL)
>although it's hard for me to tell because the xemacs buffer I'm using to
>test usually crashes when I try to manipulate the 64k literal string :)
>
>I wonder what people think might be good effective protective measures
>against this 'sploit?

How about an ignore list of IPs the user may want to block? I got about a dozen attempts a day to act as a mail proxy from a few repeating IPs. I block them at my router, but a list tclhttpd used would be a feature I would make use of.

--
David Gravereaux <dav...@po...>
[species: human; planet: earth,milkyway(western spiral arm),alpha sector]
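
The two measures discussed in this thread, a length check ahead of the request-line regexp and a per-IP ignore list, as an added Tcl example that is not part of either message and is not tclhttpd code. The `guard` namespace, its proc names, the 8192-character cap, the auto-add to the ignore list and the sample addresses are all assumptions made for illustration.

```tcl
# Added illustration; names are hypothetical, not tclhttpd's API.
namespace eval guard {
    variable maxLine 8192   ;# assumed cap on request-line length (characters)
    variable ignore         ;# array: client IP -> reason it is ignored
    array set ignore {}
}

# Put an address on the ignore list (by hand, or from check below).
proc guard::block {ip {reason manual}} {
    variable ignore
    set ignore($ip) $reason
}

# Vet one request line before any expensive parsing.
# Returns {status detail}; status is ok, ignored, toolong or malformed.
proc guard::check {ip line} {
    variable maxLine
    variable ignore
    if {[info exists ignore($ip)]} {
        return [list ignored $ignore($ip)]
    }
    # Cheap length test first, so a 64 KB line never reaches the regexp.
    set len [string length $line]
    if {$len > $maxLine} {
        # Design choice of this example: oversized lines add the sender
        # to the ignore list automatically.
        block $ip "request line of $len characters"
        return [list toolong $len]
    }
    # Anchored pattern with a bounded method token: method, URL, version.
    if {![regexp {^([A-Z]{1,16}) +([^ ]+) +HTTP/(1\.[01])$} $line -> m url v]} {
        return [list malformed {}]
    }
    return [list ok [list $m $url $v]]
}

# Constructed sample input: filler bytes stand in for the real payload.
set long "SEARCH /[string repeat A 65536]"
puts [guard::check 192.0.2.7 "GET /index.html HTTP/1.0"]
puts [guard::check 192.0.2.9 $long]
puts [guard::check 192.0.2.9 "GET / HTTP/1.0"]
```

The check runs after the line has been read from the socket, so it protects the regexp rather than the read itself.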