[nsp-sec] DoS vulnerability in Apache HTTPD 1.3/2.x
Jose Nazario
jose at arbor.net
Thu Aug 25 10:59:58 EDT 2011
same article it seems, sorry for the noise. so i'll add something useful:
TLP_RED
in our in-the-wild measurements we saw at most ~55 range requests, typically 10 or less. hopefully that will let you be informed about making a decision about how much to block, since the apache statement is pretty vague about expected, sane ranges.
_____________________________
jose nazario, ph.d. jose at arbor.net
sr. manager of security research, arbor networks
blog: http://asert.arbor.net/
twitter: @arbornetworks
More information about the nsp-security
mailing list