/IP, or to
> the original requester. Can anybody answer that, with absolute sureness?
>
> Robert
>
> - Original Message -
> From: "Dena Whitebirch" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, June 07, 2004 10:41 PM
> Subject: Re: SEARCH attack
>
>
8><
Really this kind of stuff, whilst annoying and irritating in
many ways, is just background noise on todays internet.
Patch your boxes, and ignore exploit attempts that affect other
platforms.
Steve
8><
I have to agree, a handful of years ago when I started on line I
tting it in a loop?
>
> Robert
>
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To:
> Sent: Monday, June 07, 2004 11:01 PM
> Subject: Re: SEARCH attack
>
>
> >
> > I see these all the time myself and to turn the server into a black
On Tue, Jun 08, 2004 at 01:07:32AM +0200, Robert Cates wrote:
> OK, you've gone beyond me. What do you mean by blocking the NOP operation
> or jmp/mov instruction? How would you do this with an Apache server on a
> Linux platform?
Presumably meaning that you'd use a rule to block the
value '0
to my own server,
probably even putting it in a loop?
Robert
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Monday, June 07, 2004 11:01 PM
Subject: Re: SEARCH attack
>
> I see these all the time myself and to turn the server into a black
> hole when it comes
ster. Can anybody answer that, with absolute sureness?
Robert
- Original Message -
From: "Dena Whitebirch" <[EMAIL PROTECTED]>
To:
Sent: Monday, June 07, 2004 10:41 PM
Subject: Re: SEARCH attack
>
> I was getting pounded by these too and am wondering though if it wor
/IP, or to
> the original requester. Can anybody answer that, with absolute sureness?
>
> Robert
>
> - Original Message -
> From: "Dena Whitebirch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 07, 2004 10:41 PM
> Subjec
8><
Really this kind of stuff, whilst annoying and irritating in
many ways, is just background noise on todays internet.
Patch your boxes, and ignore exploit attempts that affect other
platforms.
Steve
8><
I have to agree, a handful of years ago when I started on line I
tting it in a loop?
>
> Robert
>
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 07, 2004 11:01 PM
> Subject: Re: SEARCH attack
>
>
> >
> > I see these all the time myself and to turn the s
On Tue, Jun 08, 2004 at 01:07:32AM +0200, Robert Cates wrote:
> OK, you've gone beyond me. What do you mean by blocking the NOP operation
> or jmp/mov instruction? How would you do this with an Apache server on a
> Linux platform?
Presumably meaning that you'd use a rule to block the
value '0
to my own server,
probably even putting it in a loop?
Robert
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 07, 2004 11:01 PM
Subject: Re: SEARCH attack
>
> I see these all the time myself and to turn the server into a b
ster. Can anybody answer that, with absolute sureness?
Robert
- Original Message -
From: "Dena Whitebirch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 07, 2004 10:41 PM
Subject: Re: SEARCH attack
>
> I was getting pounded by these too and am w
http://127.0.0.1
On Jun 7, 2004, at 3:41 PM, Dena Whitebirch wrote:
I was getting pounded by these too and am wondering though if it
worried
anyone else that we might be considered to be attacking Microsoft by
doing this rewrite? Might there be a similar way to just 'stop' them
like
sending th
I see these all the time myself and to turn the server into a black
hole when it comes to exploitable code is a interesting idea.
Blocking the NOP operation by blocking x90 does that pretty nicely on
its own, however you could also block a jmp/mov instruction if you
really wanted to be 'safe',
I was getting pounded by these too and am wondering though if it worried
anyone else that we might be considered to be attacking Microsoft by
doing this rewrite? Might there be a similar way to just 'stop' them like
sending them to /dev/null or something?
> http://216.239.59.104/search?q=cache:R
The only problem I have with using Mod_Rewrite for this sort of thing
is if you want to do it to every VirtualHost on your server, and you're
a heavy user of Mod_Rewrite, you have to add that entire set to EVERY
VirtualHost container, because Mod_Rewrite commands within a
VirtualHost container
http://127.0.0.1
On Jun 7, 2004, at 3:41 PM, Dena Whitebirch wrote:
I was getting pounded by these too and am wondering though if it
worried
anyone else that we might be considered to be attacking Microsoft by
doing this rewrite? Might there be a similar way to just 'stop' them
like
sending th
I see these all the time myself and to turn the server into a black
hole when it comes to exploitable code is a interesting idea.
Blocking the NOP operation by blocking x90 does that pretty nicely on
its own, however you could also block a jmp/mov instruction if you
really wanted to be 'safe',
I was getting pounded by these too and am wondering though if it worried
anyone else that we might be considered to be attacking Microsoft by
doing this rewrite? Might there be a similar way to just 'stop' them like
sending them to /dev/null or something?
> http://216.239.59.104/search?q=cache:R
The only problem I have with using Mod_Rewrite for this sort of thing
is if you want to do it to every VirtualHost on your server, and you're
a heavy user of Mod_Rewrite, you have to add that entire set to EVERY
VirtualHost container, because Mod_Rewrite commands within a
VirtualHost container
tion looks good to me as well, and I'll add to my
config
shortly!
Thanks again,
Robert
- Original Message -
From: "mimo" <[EMAIL PROTECTED]>
To: "Robert Cates" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, June 07, 2004 2:36 PM
Subject: Re: SEARCH attack
Hi
Thanks much!
The rewrite solution looks good to me as well, and I'll add to my config
shortly!
Thanks again,
Robert
- Original Message -
From: "mimo" <[EMAIL PROTECTED]>
To: "Robert Cates" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, June 07, 2004 2:36
tion looks good to me as well, and I'll add to my
config
shortly!
Thanks again,
Robert
- Original Message -
From: "mimo" <[EMAIL PROTECTED]>
To: "Robert Cates" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, June 07, 2004 2:36 PM
Subjec
: Monday, June 07, 2004 2:36 PM
Subject: Re: SEARCH attack
> Hi
>
> I have noticed the same here -- have a look at this
>
>
http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en
>
> I liked the rewrite
On Mon, Jun 07, 2004 at 11:42:53 +0200, Robert Cates wrote:
> I hoping somebody can both fill me in on what this SEARCH is all about,
SEARCH is documented in
http://greenbytes.de/tech/webdav/draft-reschke-webdav-search-latest.html#rfc.section.2
It is a part of an internet draft extending the WebDA
Hi
I have noticed the same here -- have a look at this
http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en
I liked the rewrite solution to throw it to ms... ;)
Michael
Robert Cates wrote:
Hi,
I hoping somebody can both fi
On Mon, Jun 07, 2004 at 11:42:53 +0200, Robert Cates wrote:
> I hoping somebody can both fill me in on what this SEARCH is all about,
SEARCH is documented in
http://greenbytes.de/tech/webdav/draft-reschke-webdav-search-latest.html#rfc.section.2
It is a part of an internet draft extending the WebDA
Hi
I have noticed the same here -- have a look at this
http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en
I liked the rewrite solution to throw it to ms... ;)
Michael
Robert Cates wrote:
Hi,
I hoping somebody can both fi
28 matches
Mail list logo
