httpd-dev mailing list archives

From dean gaudet <d...@arctic.org>
Subject Re: [PATCH] Timeout-based DoS attack fix
Date Fri, 21 Sep 2001 04:41:49 GMT
On Thu, 20 Sep 2001, Ian Morgan wrote:

> RecvTimeout 5
>
> This will cause any incoming request to timeout if not completed within 5
> seconds. This will cause the above "null" connections to timeout very
> quickly, thereby significantly reducing the number of wasted waiting server
> instances.

so the next version of the DoS will just send a request and then set its
TCP receive window to something really tiny, effectively taking forever to
get the response.

for example, take a look at this "white-hat" program which uses the
technique i just described:  <http://www.hackbusters.net/LaBrea/>.

not that having multiple configurable timeouts is a bad thing.  i just
wanted to point out that it's not the end of the story :)

-dean

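An added illustration of the gap dean describes, not code from the thread or from httpd: a constructed snapshot of worker connections is checked against the quoted RecvTimeout policy and against an assumed minimum-throughput policy that also covers the response-sending phase. The MIN_RATE and GRACE values and all sample connections are assumptions made up for the sketch.

```python
from dataclasses import dataclass


@dataclass
class Conn:
    """Constructed snapshot of one worker's connection (not real httpd scoreboard data)."""
    cid: str
    phase: str        # "recv" = reading the request, "send" = writing the response
    elapsed: float    # seconds spent so far in the current phase
    bytes_moved: int  # bytes transferred during the current phase


RECV_TIMEOUT = 5.0  # the "RecvTimeout 5" from the quoted proposal
MIN_RATE = 500      # assumed minimum bytes/sec before a peer counts as stalled
GRACE = 5.0         # assumed: do not judge throughput until the phase has lasted this long


def recv_timeout_policy(c: Conn) -> bool:
    """Drop only requests that were not fully received within RECV_TIMEOUT.

    This is what the quoted patch does: the sending phase is never examined,
    so a peer that keeps its receive window tiny is never dropped.
    """
    return c.phase == "recv" and c.elapsed > RECV_TIMEOUT


def min_rate_policy(c: Conn) -> bool:
    """Drop a connection in either phase whose throughput fell below MIN_RATE."""
    if c.elapsed < GRACE:
        return False
    return c.bytes_moved / c.elapsed < MIN_RATE


def doomed(conns, policy) -> list:
    """Return the ids of connections the given policy would tear down."""
    return sorted(c.cid for c in conns if policy(c))


# Constructed sample: one healthy client plus the three abusive patterns in the thread.
SAMPLE = [
    Conn("normal",       "send",  2.0, 60000),  # healthy client draining a response
    Conn("null-conn",    "recv", 12.0,     0),  # connected, never sent a request
    Conn("slow-request", "recv",  9.0,    80),  # dribbling request bytes
    Conn("tiny-window",  "send", 40.0,   400),  # sent a request, reads the reply at ~10 B/s
]
```

Running `doomed(SAMPLE, recv_timeout_policy)` leaves "tiny-window" holding its worker, while `doomed(SAMPLE, min_rate_policy)` catches all three abusive connections and spares the healthy one.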
