On Tue, 17 Dec 2002, Eric Rescorla wrote:

> Eric Rescorla <[EMAIL PROTECTED]> writes:
> > Now consider what happens if you're running 512 virtual servers (IPs)
> > with 256 child processes. If Slapper contacts all of them, it will
> > freeze all your children and you're frozen until the timeouts
> > happen. Joe, do you have more virtual servers than children?
> Just to be clear, what I'm trying to figure out is why some people are
> having this problem with OpenSSL and some aren't.
So am I. I was wondering why some of my other webservers were being hit. I think Joe hits it on the head with having a critical number of virtual IPs... My systems that just shrug off the attacks are compiled the same way... sometimes on cloned systems. In fact, now that Joe has brought this to my attention, I think I might try to reduce the number... but I don't think I can appreciably...

> I've long suspected that you could connect to Apache and consume all
> the processes until a timeout. It's very hard to defend against this
> attack since it's hard to distinguish attackers from slow clients. I
> just didn't understand why Slapper was doing it since it only tries to
> probe your machine once AFAIK. But if you have a lot of IPs....

Well, I do get a lot of normal hits from people using slow connections... and before I increased the soft and hard limits, Apache would still remain responsive... it just rejected new connections and put warnings in the logs. But, of course, these connections would begin and end quickly. I'm not sure what Slapper connections are doing.

----Steve

Stephen Amadei
Dandy.NET! CTO
Atlantic City, NJ
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
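
The hypothesis discussed in this thread, as an added capacity model (not code from any of the posters, Apache or OpenSSL): a fixed pool of child processes, one stalled connection per virtual IP that is released only by the server timeout, and steady short legitimate requests. The function name `simulate`, the no-backlog pool model and every timing value are assumptions; 512 IPs and 256 children are the figures quoted in the thread.

```python
import heapq

def simulate(workers, probe_ips, hold_timeout_ms=300_000, probe_start_ms=60_000,
             probe_gap_ms=50, legit_interval_ms=500, legit_service_ms=200,
             duration_ms=600_000):
    """Model a fixed pool of child processes; all times are integer milliseconds.

    Returns (legit_served, legit_rejected, peak_busy_children).
    Simplification (assumption): a connection arriving while every child is
    busy is rejected at once; there is no listen backlog or retry.
    """
    # One stalled connection per virtual IP, released only by the server timeout.
    arrivals = [(probe_start_ms + i * probe_gap_ms, hold_timeout_ms, False)
                for i in range(probe_ips)]
    # Steady legitimate traffic: short requests at a fixed interval.
    arrivals += [(k * legit_interval_ms, legit_service_ms, True)
                 for k in range(duration_ms // legit_interval_ms)]
    arrivals.sort()

    busy = []  # min-heap of times at which a child becomes free again
    served = rejected = peak = 0
    for at, hold, legit in arrivals:
        while busy and busy[0] <= at:      # children whose connection has ended
            heapq.heappop(busy)
        if len(busy) < workers:
            heapq.heappush(busy, at + hold)
            peak = max(peak, len(busy))
            served += legit
        elif legit:
            rejected += 1
    return served, rejected, peak

if __name__ == "__main__":
    # Constructed scenarios: 512 IPs / 256 children are the thread's figures.
    for ips, timeout in ((512, 300_000), (64, 300_000), (512, 30_000)):
        s, r, p = simulate(256, ips, hold_timeout_ms=timeout)
        print(f"ips={ips} timeout={timeout // 1000}s served={s} rejected={r} peak={p}")
```

In this model the pool only fills when there are at least as many stalled connections as children, and the length of the outage tracks the timeout rather than the number of IPs.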