Article

Article title ANALYSIS OF ATTACK FEATURES TO WEB SERVER THROUGH REQUESTS WITH ERRORS
Authors A.M. Maximov
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 12, 2013 @en
Index UDC 004.052.2
DOI
Abstract The article contains review of functioning features of Microsoft IIS web server under conditions when errors occur (error class 4xx, which are HTTP status codes in fact, for example) as result of requests (intentional or unintentional) instead of actual information. Increased resource usage may occur as result of these requests with errors, so if preset limits are reached, it can be a cause of web server denial of service or significant delays in processing of requests of all type (even actual, without evil intent). Besides of description, article contains some test results and conditions for obtaining of these results. Also specifies parameters that must be consider while predicting and evaluating final results and offers methods which can help to smooth negative results for requests, which occurs errors instead of actual results. After reviewing suggested methods, the possible negative aspects of their using were identified. Also was described ways for neutralization their negative effects and reduction of impact on the final result.

Download PDF

Keywords Web server; HTTP status code; workload; DoS attack; IIS; HTTP.
References 1. Максимов А.М., Тищенко Е.Н. Особенности использования носителей информации в защищённых информационных системах // Известия ЮФУ. Технические науки. – 2011. – № 12 (125). – C. 238-244.
2. Ciesielski V., Anand L. Data mining of web access logs from an academic web site. Design and application of hybrid intelligent systems // IOS Press Amsterdam. – 2003. – C. 1034-1043.
3. Тищенко Е.Н., Шарыпова Т.Н. Формализация выбора различных вариантов системы защиты информации от несанкционированного доступа в среде электронного документооборота // Вестник Ростовского государственного экономического университета (РИНХ). – 2010. – № 32. – C. 226-233.

Comments are closed.