Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 12048 invoked by uid 6000); 30 Dec 1997 16:38:23 -0000
Received: (qmail 12040 invoked from network); 30 Dec 1997 16:38:19 -0000
Received: from eastwood.aldigital.algroup.co.uk (194.128.162.193) by taz.hyperreal.org with SMTP; 30 Dec 1997 16:38:19 -0000
Received: from freeby.ben.algroup.co.uk (freeby.ben.algroup.co.uk [193.133.15.6]) by eastwood.aldigital.algroup.co.uk (8.6.12/8.6.12) with ESMTP id QAA19995 for ; Tue, 30 Dec 1997 16:37:27 GMT
Received: from algroup.co.uk (naughty.ben.algroup.co.uk [193.133.15.107]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with ESMTP id QAA00751 for ; Tue, 30 Dec 1997 16:37:15 GMT
Message-ID: <34A92329.BCA30C91@algroup.co.uk>
Date: Tue, 30 Dec 1997 16:36:57 +0000
From: Ben Laurie
Organization: A.L. Digital Ltd.
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: new-httpd@apache.org
Subject: Re: FW: Apache DoS attack?
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Lars Eilebrecht wrote:
>
> -----Forwarded message <01bd150a$adb1aa40$987c74c3@lcamtuf>-----
>
> Message-ID: <01bd150a$adb1aa40$987c74c3@lcamtuf>
> Date: Tue, 30 Dec 1997 11:07:04 +0100
> Reply-To: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski
> Sender: Bugtraq List
> From: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Apache DoS attack?
>
> [excuse me if it has been discovered before]
>
> Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
> When launched, causes increases of victim's load average and extreme
> slowdowns of disk operations. On my i586 Linux annoying slowdown has been
> experienced immediately (after maybe 5 seconds). After about 4 minutes
> work has been turned into real hell (286?).

Before everyone starts pestering the guy about this, I've already asked
him if the number of slashes makes any real difference, or whether it is
simply making large numbers of requests that causes a problem (which
would not really be a huge surprise).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache