Attack Detection – HTTP headers
• Target of attacks: overflow (DoS) attacks, source disclosure, site manipulation (using non-standard methods – WebDAV)
• Log manifestation:
  • HTTP header attacks: particularly evasive – seldom logged
  • Non-standard methods (not HEAD/GET/POST) – e.g. PUT, DELETE, SEARCH, ... (logged)
  • Non-standard header names. Know the standard header names and what values to expect. Look at RFC 2616 (HTTP/1.1).
  • Cookie poisoning – repetitive attempts to feed cookies with invalid session IDs
  • Overlong values/non-ASCII characters. Note: usually characters are not URL-encoded
Translate: f – nonstandard HTTP header.
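The checks listed above, applied to captured request headers (for example from a proxy or WAF, since the web server itself seldom logs them). This is an added example, not part of the original slides. The allow-lists, the 1024-character limit, the `SESSIONID` cookie name, the threshold of 3 and all sample traffic are assumptions made for illustration.

```python
from collections import Counter

# Assumptions (not from the slide): allow-lists, 1024-char limit,
# SESSIONID cookie name and the threshold of 3 are illustrative choices.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
KNOWN_HEADERS = {"host", "user-agent", "accept", "accept-language", "accept-encoding",
                 "connection", "cookie", "referer", "content-type", "content-length",
                 "authorization", "if-modified-since", "if-none-match", "cache-control"}
MAX_VALUE_LEN, BAD_SESSION_THRESHOLD = 1024, 3

def inspect_request(method, headers):
    """Return findings for one request; headers is a list of (name, value)."""
    findings = []
    if method.upper() not in ALLOWED_METHODS:
        findings.append(f"non-standard method: {method}")
    for name, value in headers:
        if name.lower() not in KNOWN_HEADERS:  # header names are case-insensitive
            findings.append(f"non-standard header: {name}")
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"overlong value in {name}: {len(value)} chars")
        # Header values usually arrive raw (not URL-encoded), so test them as-is.
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append(f"non-ASCII or control character in {name}")
    return findings

def cookie_poisoning_sources(requests, valid_sessions):
    """Return client IPs that repeatedly presented unknown session IDs."""
    bad = Counter()
    for ip, _method, headers in requests:
        for name, value in headers:
            if name.lower() == "cookie":
                for part in value.split(";"):
                    key, _, sid = part.strip().partition("=")
                    if key == "SESSIONID" and sid not in valid_sessions:
                        bad[ip] += 1
    return sorted(ip for ip, n in bad.items() if n >= BAD_SESSION_THRESHOLD)

# Constructed sample traffic (documentation IP ranges, made-up session IDs).
SAMPLE = [
    ("192.0.2.10", "GET", [("Host", "www.example.com"), ("Cookie", "SESSIONID=abc123")]),
    ("198.51.100.7", "GET", [("Host", "www.example.com"), ("Translate", "f")]),
    ("198.51.100.7", "SEARCH", [("Host", "www.example.com")]),
    ("203.0.113.5", "GET", [("Host", "www.example.com"), ("User-Agent", "A" * 5000)]),
] + [("203.0.113.9", "GET", [("Cookie", f"SESSIONID=guess{i}")]) for i in range(4)]

if __name__ == "__main__":
    for ip, method, headers in SAMPLE:
        print(ip, method, inspect_request(method, headers))
    print("cookie poisoning suspects:", cookie_poisoning_sources(SAMPLE, {"abc123"}))
```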