httpd-dev mailing list archives

From "Ivan Barrera A." <>
Subject Re: Checkin for timeout?
Date Thu, 28 Apr 2005 17:41:09 GMT
>> I've made my peace with trying to read a request byte by byte. However,
>> I'm still trying to get the time between line-input from sockets.
>> It is pretty easy to DoS Apache, with a small
>> (put-your-favorite-scripting-language-here) script, where I input a line
>> .. wait a little less than the timeout (about 50 seconds), then start
>> writing another line (some header), wait another 50 secs.. and start
>> another line, and so on.
>>  That way, anyone can easily DoS any Apache server, just making all the
>> connections be busy with a fake slow client.
> I'm certainly not an expert in this, but this seems like a lost cause
> from the start.  Any criteria you set for your between-packet timeout
> would only result in a small increase in the resources necessary for the
> attacker.  I doubt you could tune it in a way to prevent someone with a
> DSL line from plugging up your server.

That is true. But the idea beneath this is detecting the attackers.
Then, issuing the IP to a text file, which will be read by another
script that will feed the firewall to block connections.
Although it should increase the resources being used, it should be
minimal, as they aren't that expensive.

> I believe that people handle this type of DoS by limiting connections
> per IP address or by using a server that can handle lots and lots of
> client connections (such as one of apache's threaded mpms or an
> event-based server).

I've managed to make a denial on a real BIG server here (with any of
the threaded MPMs). That's why I'm developing such a tool. (My mod is
blocking flood connections, repeated connections, and is protecting a
lot. But this kind of exploit, although we've never been attacked that
way, is more effective than any of the others.)

> Joshua.

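The detection idea Ivan describes above (measure the time between header lines on each connection, then hand offending addresses to a firewall script) can be sketched as a stand-alone heuristic. The following is an added example, not code from this thread or from Apache httpd; it works on constructed per-line arrival timestamps rather than on live sockets, and the 60 s Timeout, the "half the timeout" threshold and the minimum connection count are assumptions chosen to fit the 50-second waits discussed in the thread.

```python
from collections import defaultdict

TIMEOUT_SECONDS = 60.0  # assumed server Timeout; the thread talks about ~50 s pauses against it

# Constructed sample input: (client_ip, connection_id, seconds since connect
# at which a complete header line arrived). Not real traffic.
SAMPLE_EVENTS = [
    # three connections from one address, each dribbling one header line every 50 s
    *[("198.51.100.7", f"a{c}", t) for c in range(3) for t in (0.0, 50.0, 100.0, 150.0)],
    # an ordinary client that sends its whole request within a few milliseconds
    ("203.0.113.5", "b0", 0.0), ("203.0.113.5", "b0", 0.01), ("203.0.113.5", "b0", 0.02),
    ("203.0.113.5", "b1", 0.0), ("203.0.113.5", "b1", 0.02),
    # one genuinely slow link: a single long pause on a single connection, should not be flagged
    ("203.0.113.9", "c0", 0.0), ("203.0.113.9", "c0", 40.0), ("203.0.113.9", "c0", 40.5),
]


def inter_line_gaps(events):
    """Map (ip, connection_id) -> list of seconds between consecutive header lines."""
    arrivals = defaultdict(list)
    for ip, conn, t in events:
        arrivals[(ip, conn)].append(t)
    gaps = {}
    for key, times in arrivals.items():
        times.sort()
        gaps[key] = [later - earlier for earlier, later in zip(times, times[1:])]
    return gaps


def flag_slow_clients(events, timeout=TIMEOUT_SECONDS, slow_fraction=0.5,
                      min_slow_gaps=2, min_connections=3):
    """Return {ip: slow_connection_count} for addresses that hold at least
    min_connections connections which each paused at least min_slow_gaps times
    for slow_fraction * timeout seconds or longer between header lines.

    Requiring several slow pauses per connection and several such connections
    per address keeps a single client on a bad link from being blocked."""
    threshold = slow_fraction * timeout
    slow_connections = defaultdict(int)
    for (ip, _conn), gaps in inter_line_gaps(events).items():
        if sum(1 for g in gaps if g >= threshold) >= min_slow_gaps:
            slow_connections[ip] += 1
    return {ip: n for ip, n in slow_connections.items() if n >= min_connections}


def blocklist_lines(flagged):
    """One address per line: the text-file format the thread proposes feeding to a firewall script."""
    return sorted(flagged)


if __name__ == "__main__":
    for line in blocklist_lines(flag_slow_clients(SAMPLE_EVENTS)):
        print(line)
```

With the sample data only 198.51.100.7 is listed: its three connections each paused 50 s three times, while the single 40 s pause from 203.0.113.9 is below the two-gap minimum and comes from one connection. Joshua's objection still applies, since an attacker can stay under any threshold by spending more connections, so this kind of heuristic is a complement to per-IP connection limits and a request-header timeout, not a replacement for them.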