httpd-dev mailing list archives

From dean gaudet <>
Subject Re: [PATCH] Timeout-based DoS attack fix
Date Fri, 21 Sep 2001 04:41:49 GMT
On Thu, 20 Sep 2001, Ian Morgan wrote:

> RecvTimeout 5
> This will cause any incoming request to timeout if not completed within 5
> seconds. This will cause the above "null" connections to timeout very
> quickly, thereby significantly reducing the number of wasted waiting server
> instances.

so the next version of the DoS will just send a request and then set its
TCP receive window to something really tiny effectively taking forever to
get the response.

for example, take a look at this "white-hat" program which uses the
technique i just described:  <>.

not that having multiple configurable timeouts is a bad thing.  i just
wanted to point out that it's not the end of the story :)
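
The reply above notes that a receive-side timeout does nothing against a client that sends a complete request and then drains the response through a tiny TCP receive window. A server-side counterpart, as an added example that is not from this thread or from Apache httpd: bound the whole response write with one overall deadline instead of an idle timer that restarts on every accepted byte. `send_with_deadline` and `now_ms` are hypothetical names, and POSIX sockets are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0
#endif

/* Monotonic clock in milliseconds (unaffected by wall-clock changes). */
static long long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Hypothetical helper: write len bytes to fd, giving up once total_ms has
 * elapsed for the whole response. Returns 0 when everything was written,
 * -1 on deadline expiry or socket error. */
int send_with_deadline(int fd, const char *buf, size_t len, int total_ms) {
    long long deadline = now_ms() + total_ms;
    size_t off = 0;
    int fl = fcntl(fd, F_GETFL, 0);
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) return -1;
    while (off < len) {
        ssize_t n = send(fd, buf + off, len - off, MSG_NOSIGNAL);
        if (n > 0) { off += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        long long left = deadline - now_ms();
        if (left <= 0) return -1; /* peer kept its window closed too long */
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, (int)left) < 0 && errno != EINTR) return -1;
    }
    return 0;
}

/* Constructed demo: the peer end of a socketpair never reads, which stalls
 * the sender the same way a closed receive window does. */
int main(void) {
    static char body[8 * 1024 * 1024];
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    printf("result: %d\n", send_with_deadline(sv[0], body, sizeof body, 200));
    return 0;
}
```

On a -1 return the caller closes the connection, which frees the worker after a bounded time regardless of how slowly the client reads.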

