[WEB SECURITY] RFC 2616

Ryan Barnett rcbarnett at gmail.com
Mon May 9 10:44:38 EDT 2005


FUD-olicious, indeed :)  Now to answer your question specifically -
no, I don't know who is currently doing research, or what data they
have.

Keep in mind that 2616 was written back in 99.  It wasn't too long
after that when the big DDoS attacks occurred knocking out Ebay, Yahoo,
etc....  That is why I don't think that they were referring to any
specific proxy/layer 7 DoS attacks, but rather the impact of taking
out a proxy with a DoS attack.

While not a DoS attack against a proxy, you might find HTTP Response
Splitting interesting -
http://www.webappsec.org/projects/threat/classes/http_response_splitting.shtml

-- 
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GCUX, GSEC

On 5/9/05, TheGesus <thegesus at gmail.com> wrote:
> Ominously states....
> ====================================
> 15.7.1 Denial of Service Attacks on Proxies
> 
>   They exist. They are hard to defend against. Research continues.  Beware.
> ====================================
> 
> Any idea who's doing the research and what they have so far?
> 
> BTW, if you Google "Denial of Service Attacks on Proxies" you get ~11
> pages worth of...
> 
> "They exist. They are hard to defend against. Research continues.  Beware."
> 
> Now I can't sleep at night.
> 
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
>
