Defending Against The 'Apache Killer' Exploit
Aug 26, 2011, 22:00 (0 Talkback[s])
"While Apache Web servers are vulnerable by default, that
doesn't mean that there aren't defenses against the attack. One of
those defenses is by using an intrusion prevention system (IPS)
like Snort. Like Apache, Snort is open source and available for
"The Snort engine's HTTP Inspect preprocessor has an option to
detect oversized HTTP headers, one of the key pieces of the Apache
Killer tool," Alex Kirk, senior research analyst with the
Sourcefire Vulnerability Research Team(VRT) said.
Kirk explained that since most HTTP headers are a few hundred
bytes at most, quite often when you see extremely long headers, a
buffer overflow attack is under way. The HTTP Inspect preprocessor
in Snort is not a new piece of technology either, and it predates
the release of the 'Apache Killer' tool.