Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Defending Against The 'Apache Killer' Exploit

Aug 26, 2011, 22:00 (0 Talkback[s])

"While Apache Web servers are vulnerable by default, that doesn't mean that there aren't defenses against the attack. One of those defenses is by using an intrusion prevention system (IPS) like Snort. Like Apache, Snort is open source and available for free.

"The Snort engine's HTTP Inspect preprocessor has an option to detect oversized HTTP headers, one of the key pieces of the Apache Killer tool," Alex Kirk, senior research analyst with the Sourcefire Vulnerability Research Team(VRT) said.

Kirk explained that since most HTTP headers are a few hundred bytes at most, quite often when you see extremely long headers, a buffer overflow attack is under way. The HTTP Inspect preprocessor in Snort is not a new piece of technology either, and it predates the release of the 'Apache Killer' tool.

Complete Story

Related Stories: