Linux Today: Linux News On Internet Time.

More on LinuxToday

Defending Against The 'Apache Killer' Exploit

Aug 26, 2011, 22:00 (0 Talkback[s])

"While Apache Web servers are vulnerable by default, that doesn't mean that there aren't defenses against the attack. One of those defenses is by using an intrusion prevention system (IPS) like Snort. Like Apache, Snort is open source and available for free.

"The Snort engine's HTTP Inspect preprocessor has an option to detect oversized HTTP headers, one of the key pieces of the Apache Killer tool," Alex Kirk, senior research analyst with the Sourcefire Vulnerability Research Team(VRT) said.

Kirk explained that since most HTTP headers are a few hundred bytes at most, quite often when you see extremely long headers, a buffer overflow attack is under way. The HTTP Inspect preprocessor in Snort is not a new piece of technology either, and it predates the release of the 'Apache Killer' tool.

Complete Story

Related Stories: