OK, you've gone beyond me. What do you mean by blocking the NOP operation or jmp/mov instruction? How would you do this with an Apache server on a Linux platform?
Also, wouldn't replacing the www.microsoft.com with localhost (or http://127.0.0.1/) just send the request right back to my own server, probably even putting it in a loop? Robert ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 07, 2004 11:01 PM Subject: Re: SEARCH attack > > I see these all the time myself and to turn the server into a black > hole when it comes to exploitable code is a interesting idea. > Blocking the NOP operation by blocking x90 does that pretty nicely on > its own, however you could also block a jmp/mov instruction if you > really wanted to be 'safe', but some users like using hex values for > things, so its a trade off since people tend to move to other service > providers when they find out there current one doesn't allow the > input needed by there favorite script. > > Perhaps switching 'http://www.microsoft.com' from that howto with > 'localhost' would be even more interesting; But from a legal > standpoint the water is murky on that scale. > > - D > > On 7 Jun 2004 at 16:41, Dena Whitebirch wrote: > > > > > I was getting pounded by these too and am wondering though if it worried > > anyone else that we might be considered to be attacking Microsoft by > > doing this rewrite? Might there be a similar way to just 'stop' them like > > sending them to /dev/null or something? > > > > > http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en > > > > Regards, > > > > Dena A. Whitebirch > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
