Re: [Lit.] Buffer overruns

From: Phil Carmody (thefatphil_demunged_at_yahoo.co.uk)
Date: 01/31/05


Date: 31 Jan 2005 17:39:29 +0200

infobahn <infobahn@btinternet.com> writes:
> Phil Carmody wrote:
> >
>
> <snip>
>
> > And to be honest, I think pulling the DoS card is a bit cheap. One can DoS
> > most things using _valid_ input just as easily as using invalid input.
>
> Cheap? I think that sounds rather expensive! :-)
>
> Seriously. If you can DoS the program using valid input, it has
> major problems. Expensive problems.

Which takes more CPU power:
1) A test in PHP to see if a search key has the right form, and
   rejecting a malformed key.
2) That test, passed, followed by a SQL query to extract the record
   corresponding to a valid key.

Part of the point about validating input is to enable you to reject
requests before doing too much work. It follows that the ones you
don't reject take more work to handle. Thus, if correct requests
can be spoofed, they're a better mechanism for DoSing.

Set up your own home server, and see how many 404s (i.e. the simplest,
most arbitrary of incorrectly formatted requests) you can handle per
second. Then stick the simplest possible database behind a CGI handler,
and compare your throughput. Now that you've determined that what you've
done has "major problems", fix them, and report back here how you fixed
them.

And what happened to my other questions about you considering logs of
buffer overruns to be junk, and not genuine?

> BTW Thanks for the Google hint. I wish they wouldn't keep breaking it.

Go to .co.uk once, and accept the cookie. After that, all accesses to .co.uk
should be sane (until they break that). I reject almost all cookies, and
thus keep getting redirected to Finland whatever tld I use.

However, I try to avoid the god-forsaken abomination that calls itself
google groups (2 beta) as much as possible nowadays.

Phil

-- 
If a 'religion' is defined to be a system of ideas that contains unprovable
statements, then Godel taught us that mathematics is not only a religion, it
is the only religion that can prove itself to be one. -- John Barrow
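As an added illustration (not part of the original post or the thread), the following Python sketch models the cost asymmetry the post describes: a cheap syntactic check rejects malformed search keys before any database work is done, while every well-formed key, whether or not a record exists, pays for a query. The key format, the sqlite table and the sample rows are constructed assumptions; the handler counts how many requests took the cheap path and how many took the expensive one.

```python
import re
import sqlite3

# Constructed sample data: a tiny in-memory "records" table standing in for
# the database behind the CGI handler discussed in the thread.
_SAMPLE_ROWS = [("AB-1234", "widget"), ("CD-5678", "gadget"), ("EF-9012", "sprocket")]

# Hypothetical key format (assumption): two uppercase letters, a dash, four digits.
KEY_RE = re.compile(r"\A[A-Z]{2}-[0-9]{4}\Z")


def make_db():
    """Build the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (key TEXT PRIMARY KEY, value TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?)", _SAMPLE_ROWS)
    conn.commit()
    return conn


class SearchHandler:
    """Validate first, query second; count how much work each request cost."""

    def __init__(self, conn):
        self.conn = conn
        self.queries_run = 0  # requests that reached the expensive path
        self.rejected = 0     # requests stopped by the cheap check

    def handle(self, raw_key):
        """Return (status, value) for one search request."""
        # Step 1 (cheap): syntactic check. Malformed keys never reach the DB.
        if not isinstance(raw_key, str) or not KEY_RE.match(raw_key):
            self.rejected += 1
            return 400, None
        # Step 2 (expensive): parameterized lookup for a well-formed key.
        # A well-formed key that matches nothing still costs a full query.
        self.queries_run += 1
        row = self.conn.execute(
            "SELECT value FROM records WHERE key = ?", (raw_key,)
        ).fetchone()
        if row is None:
            return 404, None
        return 200, row[0]


def run_batch(handler, keys):
    """Serve a batch of requests and return a histogram of status codes."""
    counts = {}
    for k in keys:
        status, _ = handler.handle(k)
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    h = SearchHandler(make_db())
    print(run_batch(h, ["bad%d" % i for i in range(100)]), "queries:", h.queries_run)
    print(run_batch(h, ["ZZ-%04d" % i for i in range(100)]), "queries:", h.queries_run)
```

Running the two batches shows the point of the post in numbers: 100 malformed keys are all answered 400 with zero queries, while 100 well-formed keys that match nothing are answered 404 only after 100 queries. Input validation protects the server from the first batch, not the second, so the well-formed path needs its own bound (a per-client rate limit or a query budget) rather than relying on validation alone.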


Relevant Pages

  • Re: Why is my nasm program killing itself?
    ... Phil Carmody wrote: ... Look like dos to you? ... What on earth gave you the impression that I thought that file ... If I say that milk isn't coca-cola, will you conclude that I think bessie the cow produces coca-cola? ...
    (alt.lang.asm)
  • Re: iptables & tcp wrappers
    ... so this is not intended for a production server ... that handles a lot of requests per second. ... blocked-hosts file (and as you can see this spawn'ed process is sent to ... To minimize the possibility of DoS, this rule is the last in the ...
    (Focus-Linux)
  • Re: [Full-Disclosure] Search Engine XSS
    ... It would just be easier to ascertain the level of severity if an actual DoS string or this "trusted internal call" was exploited. ... > consider that the server must process the requests.. ... > DoS issue with enough length and quanity of the requests. ...
    (Full-Disclosure)
  • Re: kern.ipc.nmbclusters
    ... > 11125 requests for memory denied ... > 0 calls to protocol drain routines ... DOS may be?! ... >> To unsubscribe, send any mail to ...
    (freebsd-questions)
  • Re: Rule TCP ack packet attack: Blocked: In TCP?
    ... >>understand what Bloomberg want. ... > and something on the machine is trying to run a DoS on your machine. ... But keep in mind that Kerio and the O/S can get so ... > involved in stopping the DoS requests; it's the same as if the requests ...
    (comp.security.firewalls)