Mailing List Archive

False positives against SWAT & VNC
My last WWW DoS scripts generate many false positives against SWAT and
VNC.
The reason is that the new "http_is_alive" function uses HEAD instead
of GET.

Both SWAT and VNC answer to GET requests, that's why find_service
identifies them as web servers, but they do not handle HEAD.
VNC closes the connection without sending anything, SWAT never
answers or closes the connection.

The obvious fix is to change http_is_alive().
But maybe the scripts should first run http_is_alive against the web
server before launching the DoS attack.

I think I'll implement both, but we may have a way to get rid of false
positives against things that _look like_ web servers but are not
really.

--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
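
The two fixes discussed in the message above (fall back from HEAD to GET, and take a liveness baseline before the test runs), sketched in Python as an added example; this is not Nessus or NASL code and not the author's implementation. The names `probe`, `is_alive`, `verdict` and the local stand-in server are assumptions made for the illustration.

```python
import socket
import threading

def probe(host, port, method, timeout=2.0):
    """Send one HTTP request; True only if an HTTP status line comes back."""
    req = f"{method} / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            return s.recv(16).startswith(b"HTTP/")
    except OSError:  # refused, reset, or timed out (a service that never answers)
        return False

def is_alive(host, port, timeout=2.0):
    """HEAD first, then fall back to GET for services that do not handle HEAD."""
    return probe(host, port, "HEAD", timeout) or probe(host, port, "GET", timeout)

def verdict(alive_before, alive_after):
    """Report a dead service only if it answered before the test ran."""
    if not alive_before:
        return "skipped: no baseline"
    return "still alive" if alive_after else "stopped responding"

def fake_get_only_server():
    """Constructed stand-in: answers GET, closes silently on HEAD (VNC-like)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                if conn.recv(1024).startswith(b"GET "):
                    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = fake_get_only_server()
    head_only = probe("127.0.0.1", port, "HEAD")
    print("HEAD-only check:", head_only)
    print("HEAD+GET check:", is_alive("127.0.0.1", port))
    # With a HEAD-only baseline the service looks dead before any test,
    # so the result is discarded instead of being reported.
    print("verdict with HEAD-only baseline:", verdict(head_only, head_only))
```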