Open Source and information security mailing list archives
From: kingcope at gmx.net (kcope)
Subject: Web Application DoS

> Congratulations, you've discovered an application layer (Layer 7 for
> the OSI fans) denial of service attack. That first sentence is somewhat
> sarcastic, but this is not a new discovery. Now you need to generalize
> this to other applications.
> What about databases (although you implied one in your example of a
> web search application)? Even without a web front-end, databases are
> particularly susceptible to these. If one understands details such as
> space allocation and indexing formulas of a database, one can make a

I didn't say this would be anything new, I'm sure it isn't, but everyone
is discussing DDoS attacks with hundreds and thousands of zombie bots
which take servers down. But it's that plain simple: just find some big
website like a newspaper, IT biz or whatever and go to the search engine;
nearly every site owns one. And if you're lucky you can just manipulate
the amount of results given back from the server to 1 zillion and type a
simple search string. If you repeat the request hundreds of times the site
is not available anymore. And if the search site is on the same server as
all other parts of the web presentation, the company is going to have
trouble. I guess it's more a problem for the server to search the entire
database for results, which runs the CPU at 100%, but I don't really know.

It was just a very easy idea and works out of the box. Only for testing
purposes of course. Those responsible for vulnerable sites should just
limit the number of results so the internet can live in love & harmony ;)

haha
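
The mitigation named at the end of the post (limit the number of results) as a server-side check. This is an added example, not part of the original message; the parameter names `q`, `results`, `offset` and all limits are assumptions, and it goes slightly beyond the post by also capping the paging offset.

```python
from urllib.parse import parse_qs

# Assumed limits for this example; tune per application.
MAX_RESULTS = 50       # hard server-side ceiling on rows per response
DEFAULT_RESULTS = 10
MAX_OFFSET = 1000      # deep paging costs the database as much as a huge page
MAX_QUERY_LEN = 200


class BadSearchRequest(ValueError):
    """Request that should get an HTTP 400 instead of reaching the database."""


def _bounded_int(raw, default, lo, hi):
    """Parse a client-supplied count and clamp it into [lo, hi]."""
    if raw is None:
        return default
    # Rejects '-5', '1e9', non-ASCII digits and embedded whitespace.
    if not (raw.isascii() and raw.isdigit()):
        raise BadSearchRequest(f"not a non-negative integer: {raw[:20]!r}")
    digits = raw.lstrip("0") or "0"
    if len(digits) > 9:          # "1 zillion": clamp without converting it
        return hi
    return max(lo, min(int(digits), hi))


def parse_search_params(query_string):
    """Return (terms, limit, offset) that are safe to hand to the search backend."""
    try:
        params = parse_qs(query_string, keep_blank_values=True, max_num_fields=10)
    except ValueError as exc:    # too many fields in the query string
        raise BadSearchRequest(str(exc)) from None
    for name in ("q", "results", "offset"):
        if len(params.get(name, [])) > 1:    # ambiguous duplicates: refuse
            raise BadSearchRequest(f"duplicate parameter: {name}")
    terms = params.get("q", [""])[0].strip()
    if not terms or len(terms) > MAX_QUERY_LEN:
        raise BadSearchRequest("missing or oversized search string")
    limit = _bounded_int(params.get("results", [None])[0],
                         DEFAULT_RESULTS, 1, MAX_RESULTS)
    offset = _bounded_int(params.get("offset", [None])[0], 0, 0, MAX_OFFSET)
    return terms, limit, offset
```

The clamped `limit` and `offset` belong in the query itself (for example as bound `LIMIT`/`OFFSET` parameters), so the database stops early rather than the application trimming a full result set afterwards.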