On 22/06/2009, at 9:25 PM, Aiko Barz wrote:

On Mon, Jun 22, 2009 at 08:31:01PM +1200, Richard Toohey wrote:
On 20/06/2009, at 8:24 AM, Peter van Oord van der Vlies wrote:

Hi,

Today some pages are publishing news about an Apache DoS tool, for
example (http://isc.sans.org/diary.html?storyid=6601) and
http://ha.ckers.org/blog/20090617/slowloris-http-dos/

Does this apply to the OpenBSD Apache too?

Peter


Looks like it is old ...

http://marc.info/?l=apache-httpd-bugs&m=124533720717343&w=2

And advice here ...

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

(Yes, I appreciate that it doesn't directly answer your question,
but might help someone ...)

Nope, this does not help at all. Reducing the Timeout helps for a
second. But reducing the timeout in slowloris.pl too makes the Apache
unreachable within seconds again.

Haven't tested OpenBSD's Apache-1.3 so far. But the only thing that
helps currently, IMHO, is to limit the number of established connections
per IP. So one client is not able to block all the available Apache
processes (threads) anymore.

So long,
    Aiko
--
:wq b  

By "help" I also meant "explain" - not "here's a fix" ... the top
link I posted said this:

<quote>Every network application is affected by such attacks, this is
a protocol level issue.  It occurs at the network layer, not the
application layer, as demonstrated by the fact that AcceptFilter in
httpd has no impact on the attack.

The solution, like the problem, lies in the network layer.  See iptables
and similar network stack filters to provide protection against this
vector.</unquote>

Seems like they (and you) are saying Apache is not the place for
the fix?

Enough from me ...
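Aiko's remark that limiting established connections per IP is what actually helps, and the Apache bug-tracker reply quoted above pointing at "iptables and similar network stack filters", both map onto pf on OpenBSD. The pf.conf fragment below is an added example written for this page; it is not from the thread, from the OpenBSD project, or from Apache. The table name, the use of the egress interface group, and the numeric limits are assumptions to be tuned per site.

```pf
# Added example (not from the thread): per-source connection limits for
# the web server with pf on OpenBSD. Table name and numbers are assumptions.
table <http_abusers> persist

# Drop everything from sources that have already tripped the limits.
block in quick from <http_abusers>

# Allow HTTP, but track each source address:
#   max-src-conn 20        - at most 20 concurrent established connections per source
#   max-src-conn-rate 15/5 - at most 15 new connections per 5 seconds per source
#   overload <http_abusers> flush global
#                          - an offending source is added to the table and all
#                            of its existing states are flushed, so it can no
#                            longer hold Apache processes open
pass in on egress proto tcp to (egress) port www \
    flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 15/5, \
     overload <http_abusers> flush global)
```

max-src-conn is the knob that matches the per-IP limit Aiko describes; max-src-conn-rate additionally catches a client that keeps reconnecting. Set the limits above the parallelism legitimate clients use (browsers open several connections per host, and a large NAT puts many users behind one address), otherwise the rule blocks real visitors. Load the ruleset with pfctl -f /etc/pf.conf, inspect the table with pfctl -t http_abusers -T show, and age entries out with pfctl -t http_abusers -T expire 3600 from cron, since table entries are otherwise kept indefinitely.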
