Correct this is from that article. Though similar attacks in the past were done like this with the echo service. I don't think its overreacting especially with this article out now im sure a number of people will be playing with this.
Limit Trace did not work hence myself starting to hack into the source. I did not see a way to override the defaults in the config... though in iplanet you can disable this unlike the article notes. -MJ > -----Original Message----- > From: Edward S. Marshall [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 23, 2003 10:12 AM > To: [EMAIL PROTECTED] > Subject: Re: RFC TRACE > > > On Thu, Jan 23, 2003 at 09:59:53AM -0500, Johnson, Michael wrote: > > Can Trace be disabled im looking through the source and not > seeing a flag to > > disable this? > > Let the over-reacting begin. :-P > > (In case someone missed it, the "whitepaper" for what he's > reacting to is > available at http://www.whitehatsec.com/news.html ... which amounts to > little more than a publicity stunt on the part of WhiteHat Security.) > > To answer the question, I'm sure <Limit TRACE> in the > configuration file > will probably do the right thing in this case, but that's > untested on my > part. > > -- > Edward S. Marshall <[EMAIL PROTECTED]> > http://esm.logic.net/ > > Felix qui potuit rerum cognoscere causas. >
