Talk:OWASP WS Amplification DoS Project
Revision as of 09:59, 3 December 2013 by Rick.mitchell (talk | contribs) (→Confirmed on Axis2: new section)
Confirmed on Axis2
I've just done a Web Services VA of some components hosted via Axis2 and can confirm that I can use WS Amplification to DoS a third party by altering the wsa:Address within wsa:ReplyTo. Sadly, I had limited options while testing, so my box initiating the requests also had to be receiving them, but I can differentiate inbound vs outbound traffic and definitely see an inbound spike which, without too much more effort, could easily result in a DoS.
I'll see if I can do some further work later this week. Rick.mitchell (talk) 03:59, 3 December 2013 (CST)
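
A defensive check for the behaviour reported above, as an added example that is not part of the original comment or of the OWASP project: a gateway-side filter that rejects requests whose wsa:ReplyTo address is neither the WS-Addressing anonymous/none URI nor an approved callback host. It also covers wsa:FaultTo, which goes beyond what the comment tested; the allowlist, host names and sample envelopes are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSA_NS = "http://www.w3.org/2005/08/addressing"  # WS-Addressing 1.0
ANONYMOUS = WSA_NS + "/anonymous"  # reply on the requester's own connection
NONE = WSA_NS + "/none"            # send no reply at all
# Assumption: hosts this service has agreed to call back (constructed value).
ALLOWED_REPLY_HOSTS = {"callbacks.partner.example"}


def reply_targets(envelope: bytes):
    """Return (header name, address) for every ReplyTo/FaultTo in the message."""
    if b"<!DOCTYPE" in envelope:
        raise ValueError("DTD in SOAP message")  # SOAP forbids DTDs
    root = ET.fromstring(envelope)
    found = []
    for name in ("ReplyTo", "FaultTo"):
        for epr in root.iter(f"{{{WSA_NS}}}{name}"):
            addr = epr.findtext(f"{{{WSA_NS}}}Address", default="").strip()
            found.append((name, addr))
    return found


def check_envelope(envelope: bytes):
    """Return a list of violations; an empty list means the request may pass."""
    problems = []
    for name, addr in reply_targets(envelope):
        if addr in (ANONYMOUS, NONE):
            continue  # response stays on the inbound connection, or is dropped
        host = urlsplit(addr).hostname  # None for empty or malformed addresses
        if host not in ALLOWED_REPLY_HOSTS:
            problems.append(f"wsa:{name} points at unapproved endpoint {addr!r}")
    return problems


# Constructed sample messages (not captured traffic).
def _envelope(reply_to: str) -> bytes:
    return (
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        f'xmlns:wsa="{WSA_NS}"><s:Header>'
        f"<wsa:ReplyTo><wsa:Address>{reply_to}</wsa:Address></wsa:ReplyTo>"
        "</s:Header><s:Body/></s:Envelope>"
    ).encode()


SAME_CONNECTION = _envelope(ANONYMOUS)
THIRD_PARTY = _envelope("http://192.0.2.10:8080/sink")
APPROVED = _envelope("https://callbacks.partner.example/soap")
```

Logging the rejected address together with the request's source gives responders the inbound/outbound correlation the comment relied on to spot the spike.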