Are these just SYN packets? What is the size of these packets? I suppose one could combine firewall connection rate throttling against packets hitting port 443 which are between size n and m. If the full TCP handshake does complete, does the slapper actually send a GET or POST (or does it just connect fully and then wait)?
Michael

On Thu, 19 Dec 2002, Barry, Richard wrote:

> >> This is a classic denial-of-service which is impossible to defend against at
> >> the application level.
> >
> > Nonsense. It's a result of a design flaw (process per connection, with the
> > process assigned before the connection is validated along with a limited
> > number of processes) in the application. It could be defended against at the
> > application level any number of ways.
>
> It doesn't matter if the design is one process per connection or one thread per
> connection. The Apache server accepts the connection and waits for data until a timer
> expires. If a malicious client has enough resources, it can consume all available
> connections until the server times them out. And then the client can try it all over
> again.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                          [EMAIL PROTECTED]

--
/* BEGIN SIG
 *
 * "Afraid of change, afraid of staying the same,
 *  when temptation calls, we just look away."
 *    - Barenaked Ladies
 *
 * "He started writing in mirror writing, 'Help! I'm
 *  trapped behind the world.'"
 *    - New York State Journal of Medicine
 *
 *-----------------------------
 * Michael Chang
 * [EMAIL PROTECTED]
 * http://www.syndetic.org/
 */
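
The application-level defence argued for in the quoted exchange, as an added example that is not part of the original thread or of Apache or OpenSSL: silent connections are parked without a worker, capped per source address, and closed after a short first-byte deadline. The class and method names, the limits and the addresses are assumptions made for the illustration; an event loop would call these hooks with its own clock.

```python
from collections import Counter

class ConnectionGate:
    """Added example, hypothetical design: a worker is assigned only after data arrives."""
    def __init__(self, workers=2, per_ip_pending=2, timeout=5.0):
        self.free_workers = workers            # the scarce resource
        self.per_ip_pending = per_ip_pending   # cap on silent sockets per source
        self.timeout = timeout                 # seconds allowed before first bytes
        self.pending = {}                      # conn_id -> (ip, accepted_at)
        self.pending_by_ip = Counter()
        self.active = set()                    # conn_ids that hold a worker

    def on_accept(self, conn_id, ip, now):  # True: keep socket, False: close it now
        if self.pending_by_ip[ip] >= self.per_ip_pending:
            return False
        self.pending[conn_id] = (ip, now)
        self.pending_by_ip[ip] += 1
        return True

    def _forget(self, conn_id):
        ip, _ = self.pending.pop(conn_id)
        self.pending_by_ip[ip] -= 1

    def on_first_bytes(self, conn_id):  # client has spoken: assign a worker if free
        if conn_id not in self.pending or self.free_workers == 0:
            return False
        self._forget(conn_id)
        self.free_workers -= 1
        self.active.add(conn_id)
        return True

    def on_close(self, conn_id):
        if conn_id in self.active:
            self.active.remove(conn_id)
            self.free_workers += 1
        elif conn_id in self.pending:
            self._forget(conn_id)

    def reap(self, now):  # returns silent connections past the deadline to be closed
        expired = [c for c, (_, t) in self.pending.items() if now - t >= self.timeout]
        for c in expired:
            self._forget(c)
        return expired

def simulate():  # constructed scenario: 10 silent connections from one source, 1 client
    gate = ConnectionGate()
    kept = [gate.on_accept(f"idle{i}", "203.0.113.9", 0.0) for i in range(10)]
    served = gate.on_accept("real", "198.51.100.7", 1.0) and gate.on_first_bytes("real")
    return sum(kept), served, gate.free_workers, sorted(gate.reap(5.0))
```

In the constructed run only two of the ten silent connections are kept, neither holds a worker, and the client that sends data is served while they wait to be reaped.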