Re: Hackers jam Microsoft's site

Robert S. Thau (
Sat, 21 Jun 1997 12:43:50 -0400 (EDT)

Robert Harley writes:
> Does anyone know what the URL for slugging an NT machine is? Any bets
> that it's a telnet to port 139, something like this:
> telnet://

The bug that's getting the press involves nothing so exotic --- it's a
standard HTTP request for a URL of the form:

with the "correct" number of X's (typically in the range of a few
thousand). Note that:

*) The number of X's required to kill web service seems to vary
from installation to installation
*) However, *precisely* that many X's must be used -- one fewer,
and the query is processed normally; one more, and you get a
bogus 40x error of some kind, but the server remains up.

An exploit for the bug, written in Java for no particular reason,
is available at (along with
documentation which seems to encourage hostile use in the usual
"of course no one responsible would actually *want* to... nudge
nudge, wink wink" style).