lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: kingcope at gmx.net (kcope)
Subject: Web Application DoS

>   Congratulations, you've discovered an application layer (Layer 7 for
>the OSI fans) denial of service attack. That first sentence is somewhat
>sarcastic, but this is not a new discovery. Now you need to generalize
>this to other applications.
>   What about databases (although you implied one in your example of a
>web search application)? Even without a web front-end, databases are
>particularly susceptible to these. If one understands details such as
>space allocation and indexing formulas of a database, one can make a

I didn't say this would be anything new I'm sure it isn't, but
everyone is discussing about DDoS attacks with hundreds
and thousands of zombie bots which take servers down.
But it's that plain simple just find some big
website like newspaper, IT biz or whatever and go to the search
engine nearly every site owns one. And if your lucky you can just manipulate
the amount of results given back from the server to 1 zillion and type a
simple search string. If you repeat the request hundreds of times the site
is not available anymore. And if the search site is on the same server as
all other parts of the web presentation the company is going to have
trouble. I guess it's more a problem to the server to search the entire
database for results which runs the cpu on 100% but i don't really know.
It was just a very easy idea and works out of the box. Only for testing
purposes of course. The responsible of vulnerable sites should just limit
the number of results so the internet can live in love & harmony ;) haha

-- 
Geschenkt: 3 Monate GMX ProMail + 3 Top-Spielfilme auf DVD
++ Jetzt kostenlos testen http://www.gmx.net/de/go/mail ++


Powered by blists - more mailing lists