"While Apache Web servers are vulnerable by default, that
doesn't mean that there aren't defenses against the attack. One of
those defenses is by using an intrusion prevention system (IPS)
like Snort. Like Apache, Snort is open source and available for
"The Snort engine's HTTP Inspect preprocessor has an option to
detect oversized HTTP headers, one of the key pieces of the Apache
Killer tool," Alex Kirk, senior research analyst with the
Sourcefire Vulnerability Research Team(VRT) said.
Kirk explained that since most HTTP headers are a few hundred
bytes at most, quite often when you see extremely long headers, a
buffer overflow attack is under way. The HTTP Inspect preprocessor
in Snort is not a new piece of technology either, and it predates
the release of the 'Apache Killer' tool.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.