On Mon, Jun 22, 2009 at 04:36:58PM +0200, Jonas Thambert wrote: > Aiko Barz wrote: > > On Mon, Jun 22, 2009 at 09:32:56PM +1200, Richard Toohey wrote: > >> The solution, like the problem, lies in the network layer. See iptables > >> and similar network stack filters to provide protection against this > >> vector.</unquote> > >> > >> Seems like they (and you) are saying are Apache is not the place for the > >> fix? > > > > The apache would be the right place to fix the issue IMHO since other > > webservers are not affected that much. Maybe something like not counting > > an unfinished request as an active workerthread. But this is up to the > > people who know the program internals, which I don't. > > > > So long, > > Aiko > > This is more intresting: > > http://www.phrack.com/issues.html?issue=66&id=9#article > > //Jonas >
That looks like much lower level TCP timer stuff whereas the slowloris DOS can be replicated with telnet or netcat.
