httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Apache memory/process management. (fwd)
Date Wed, 31 Dec 1997 17:23:50 GMT

You create a document tree where Apache has to do a lot of work to serve
files then get upset when Apache does a lot of work.  In this case, it has
to look for a lot of htaccess files.  I guess adding a "MaxDirLength"
directive or something would remove this.

I'm not sure what to make of the "The only thing I want to show is very
ineffective management of memory, CPU time and other resources" statement.
Similar comments about Apache doing all sorts of horrible things when it
was really just using a lot of CPU were made for the previous DoS attack.

---------- Forwarded message ----------
Date: Wed, 31 Dec 1997 17:09:22 +0100
From: "[iso-8859-2] MichaƂ Zalewski" <>
Subject: Apache memory/process management.

Here is another (less interesting) example of Apache DoS attack,
called 'beck2'. The only thing I want to show is very ineffective
management of memory, CPU time and other resources. This attack is
possible in two cases:

1. Attacker owns an account on a victim machine, or
2. Victim's directory structure is very deep (?).

When one of above statements is true, it's possible to perform a
remote attack, even when Apache has been already patched against
first version of 'beck'. More details can be deducted from
sources :)

In well-configured system, any kind DoS attack should be at least
ineffective (resources *required* to attack should be significally
larger than resources *affected* by attack ;). Unfortunately, it's
very, very easy to attack Apache servers using minimal amount of
time and brain resources :) Maybe it's time to rewrite larger parts
of code?

Michal Zalewski [tel 9690] | finger 4 PGP []
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=

View raw message