Dan Milstein <[EMAIL PROTECTED]> wrote:
>
> The spec for the Ajp2.1 (which was not, AFAIK, ever implemented) has an
> excellent section discussing "Security Hazards". Anyone interested can
> check that out at:
>
> http://java.apache.org/jserv/protocol/AJPv21.html

Hehehe :) I was one of the co-authors of that spec :) (Nice to see when
someone pulls out a work from the past and says it contains "excellent"
pointers)....

To deny DOS attacks, I suggest using kernel-level IP filtering packages
(such as the IPF package for Solaris/*BSD or IPCHAINS for Linux - or
whatever its name is today). They work pretty well, try to connect to port
8080 on kali.betaversion.org :) :) :) (Tomcat is running with the default
HTTP connector, but its access is restricted to only 127.0.0.1 and
192.168.1.* if it comes from the right Ethernet interface :)

Pier
--
----------------------------------------------------------------------------
Pier Fumagalli <http://www.betaversion.org/> <mailto:[EMAIL PROTECTED]>
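
The access policy described in the message above, modelled as a first-match packet filter. This is an added example, not part of the original message and not IPF or ipchains syntax. The port and addresses are the ones in the message; the interface names `lo`, `eth0`, `eth1` and the default-accept for other ports are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    dport: int
    src: str = "0.0.0.0/0"
    in_iface: Optional[str] = None   # None matches any interface

    def matches(self, iface: str, src: str, dport: int) -> bool:
        return (dport == self.dport
                and (self.in_iface is None or iface == self.in_iface)
                and ip_address(src) in ip_network(self.src))

# Assumed interface names: lo = loopback, eth1 = internal LAN, eth0 = external.
RULES = [
    Rule("accept", 8080, "127.0.0.1/32", "lo"),
    Rule("accept", 8080, "192.168.1.0/24", "eth1"),
    Rule("drop", 8080),              # anything else aimed at the connector
]

# Same source ranges without the interface binding, for comparison.
RULES_NO_IFACE = [
    Rule("accept", 8080, "127.0.0.1/32"),
    Rule("accept", 8080, "192.168.1.0/24"),
    Rule("drop", 8080),
]

def decide(iface, src, dport, rules=RULES, default="accept"):
    """Return the action of the first matching rule (first match wins)."""
    for rule in rules:
        if rule.matches(iface, src, dport):
            return rule.action
    return default                   # assumption: other ports are not filtered here

# Constructed sample connections: (arrival interface, source address, dest port).
SAMPLES = [
    ("lo",   "127.0.0.1",    8080),
    ("eth1", "192.168.1.20", 8080),
    ("eth0", "192.168.1.20", 8080),  # claims an internal source, arrives externally
    ("eth0", "203.0.113.7",  8080),
    ("eth0", "203.0.113.7",  80),
]

def evaluate(samples=SAMPLES, rules=RULES):
    return [decide(*s, rules=rules) for s in samples]
```

With the interface binding, the third sample is dropped; with `RULES_NO_IFACE` the same packet is accepted, which is why the policy ties each source range to the interface it should arrive on.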