dslreports logo
 story category
HTTP Request Smuggling
New attack technique
"Thousands of websites may be at risk from a new form of network attack that involves burying harmful packets of data within seemingly legitimate ones," reports the New Scientist. Dubbed "HTTP Request Smuggling" the new attack technique exploits discrepancies in the way different software tackles HTTP, via the use of carefully crafted packets that can sneak past traditional defenses. (Thanks rock)
view:
topics flat nest 

Anon users
@sympatico.ca

Anon users

Anon

Only you need a HTTP filter...Or for HTTPS as well

Now everyone might start to think about using infamous Proximotron...

Combat Chuck
Too Many Cannibals
Premium Member
join:2001-11-29
Verona, PA

Combat Chuck

Premium Member

Re: Only you need a HTTP filter...Or for HTTPS as

So Proxomotron is somehow supposed to protect you from someone hacking into a webserver and altering it's content? Care to explain how it does that?

GlenQuagmire
Giggidy Giggidy Giggidy Goo
Premium Member
join:2004-02-16
Grand Rapids, MI

GlenQuagmire

Premium Member

Fedora Core

I am using Fedora Core so I am not worried.

knightmb
Everybody Lies
join:2003-12-01
Franklin, TN

knightmb

Member

Linux say what?

Oh yeah, this again. Well hate to break it to everyone, but this isn't exactly "new", so unless you are using Microsoft IIS or some ancient version of Apache/Zeus/whatever, this was problem was fixed last century going by the details in the article. Sounds like some more FUD being spread around about the website servers.
jdir
join:2001-05-04
Santa Clara, CA

jdir

Member

IIS and apache all has problems

Add another critical bug to web server!!!

DHRacer
Tech Monkey
join:2000-10-10
Lake Arrowhead, CA

DHRacer

Member

What stops this?

Would a router with Stateful Packet Inspection be able to block this?

On second thought I say no, but I'm not sure.
gukid
join:2005-05-17

gukid

Member

Why even announce this...

I don't get it. Like... a networks security only checks every few packets? Why do they try to scare the public with crap like this that will never actually work? "Burying"... riiiight.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ
kudos:1

AVD

Premium Member

looks like BS,

unless your ISP uses a web proxy or somthing.


How about ..