Mailing List Archive

backhand error when meet bad HTTP protocol
Hi *,

I try to send an HTTP request using netcat, backhand redirect the
request loopback using local IP

[root@pagaruyung root]# echo -e 'GET /index.htmlHTTP/1.0 \n\n'| nc -v
10.32.10.29 80
kudus [10.32.10.29] 80 (http) open

-----------------------------------------------------------------------

[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0
[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
exist: /www/web/index.htmlHTTP/1.0

this can lead to remote Denial of Service, to stop this looping the
backhand must be restarted (with delay > 1 second).

Cheers,
Indra Kusuma
--
,''`. Indra{@,.}Kusuma.OR.ID -> [Security - Debian/GNU Linux - IPv6]
: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
`. `'
`-
backhand error when meet bad HTTP protocol [ In reply to ]
Indra,

I believe this is fixed in CVS. It was only triggered under certain
configurations. Can you checkout CVS and verify that you can no longer
trigger this loop?

Indra Kusuma wrote:

>Hi *,
>
>I try to send an HTTP request using netcat, backhand redirect the
>request loopback using local IP
>
>[root@pagaruyung root]# echo -e 'GET /index.htmlHTTP/1.0 \n\n'| nc -v
>10.32.10.29 80
>kudus [10.32.10.29] 80 (http) open
>
>-----------------------------------------------------------------------
>
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:35 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>[Fri Oct 18 03:50:36 2002] [error] [client 10.32.10.29] File does not
>exist: /www/web/index.htmlHTTP/1.0
>
>this can lead to remote Denial of Service, to stop this looping the
>backhand must be restarted (with delay > 1 second).
>
>Cheers,
>Indra Kusuma
>--
> ,''`. Indra{@,.}Kusuma.OR.ID -> [Security - Debian/GNU Linux - IPv6]
>: :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49
>`. `'
> `-
>
>_______________________________________________
>backhand-devel mailing list
>backhand-devel@lists.backhand.org
>http://lists.backhand.org/mailman/listinfo/backhand-devel
>
>


--
Theo Schlossnagle
Principal Consultant
OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
Phone: +1 410 872 4910 x201 Fax: +1 410 872 4911
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

-----------------------------------------------------------
-- Presenting at ApacheCon --
-- November 18th, 2002 --
-- Las Vegas, Nevada --
-- Backhand: understanding and building HA/LB clusters --
-- http://apachecon.com/2002/US/ --
-- --
-- Learn all there is to know about high availability --
-- internet systems and load balancing techniques --
-- focusing on applications driven by the Apache web --
-- server! --
-----------------------------------------------------------