httpd-dev mailing list archives

From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject Re: [PATCH] fix pcfg_openfile() (was: mod_auth-any/1672: Authentication / .htaccess DoS attack)
Date Thu, 15 Jan 1998 21:04:47 GMT

On Thu, Jan 15, 1998 at 01:43:42PM -0700, Marc Slemko wrote:
> This does not completely prevent the attempt at reading the file from
> blocking (only in at least 99% of the cases; although 1% can be bad...)
> but does make it a lot more difficult for it to block and prevents endless
> reads.

I think that blocking is not the only result of this kind of DoS attack:
even when the server continues to read (/dev/zero), it will NEVER reach
EOF. So huge amounts of CPU power can be bound by a few evil processes.

> Heck, let's think up some cool attacks on systems that use automounters or
> AFS.

What a cruel idea...! Oh, yes, that could take some time...

    Martin
-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
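
One way to guard a config-file reader against the two failure modes discussed in this message (an open or read that blocks, and a read that never reaches EOF), as an added example that is neither the patch under discussion nor Apache code. The function names and the EFBIG convention for oversized files are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd open on a regular file, or -1 with
 * errno set. FIFOs, device nodes such as /dev/zero, and directories are
 * refused before a single byte is read. */
int open_regular_cfg(const char *path)
{
    struct stat st;
    int flags;
    /* O_NONBLOCK makes open() on a FIFO with no writer return at once
     * instead of sleeping; O_NOCTTY avoids acquiring a terminal. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor rather than stat() the path, so the type
     * check and the later reads refer to the same object. */
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }
    /* Regular file confirmed: restore ordinary blocking reads. */
    flags = fcntl(fd, F_GETFL);
    if (flags != -1)
        fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
    return fd;
}

/* Hypothetical helper: reads at most cap bytes. Returns the byte count at
 * EOF, or -1 on error; a file longer than cap fails with EFBIG, so the
 * reader can never loop forever on an endless source. */
ssize_t read_cfg_bounded(int fd, char *buf, size_t cap)
{
    size_t total = 0;
    ssize_t n;
    char extra;
    while (total < cap) {
        n = read(fd, buf + total, cap - total);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) return (ssize_t)total;   /* EOF within the cap */
        total += (size_t)n;
    }
    do { n = read(fd, &extra, 1); } while (n < 0 && errno == EINTR);
    if (n == 0) return (ssize_t)total;       /* file was exactly cap bytes */
    if (n > 0) errno = EFBIG;                /* more data than allowed */
    return -1;
}
```

The type check alone does not cover files on a hung network mount such as the automounter or AFS cases raised in the quoted text; those need a timeout outside the reader.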
