httpd-dev mailing list archives

From Andreas Krennmair ...@synflood.at>
Subject Re: Mitigating the Slowloris DoS attack
Date Wed, 24 Jun 2009 09:36:21 GMT
* Joe Orton <jorton@redhat.com> [2009-06-24 11:20]:
>Meh.  There will always be a maximum to the number of concurrent 
>connections a server can handle - be that hardware, kernel, or server 
>design.  If you allow a single client to establish that number of 
>connections it will deny service to other clients.
>
>That is all that "slowloris" does, and you will always have to mitigate 
>that kind of attack at network/router/firewall level.  It can be done 
>today on Linux with a single trivial iptables rule, I'm sure the same is 
>true of other kernels.

I think you confuse the PoC tool with the fundamental problem. You can't fend 
off this kind of attack at TCP level, at least not in cases where the n 
connections that block Apache are made by not 1 but n hosts.

Regards,
Andreas
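The disagreement above is about capacity: a per-source connection cap (the iptables-style rule Joe mentions) bounds what one address can hold, but says nothing about n addresses holding one slow connection each, which is Andreas's point. The following capacity model is an added example, not code from either poster or from httpd; the worker-pool size, the hour-long hold time and the server-side header timeout are constructed assumptions used only to make the arithmetic concrete.

```python
"""Capacity model for a fixed worker pool facing slow connections (added example)."""
from dataclasses import dataclass

MAX_WORKERS = 256  # assumed MaxClients-style worker pool size (constructed)


@dataclass(frozen=True)
class Conn:
    src_ip: str    # source address of the connection
    hold_s: float  # seconds the client keeps the connection open without finishing headers


def admit(conns, per_ip_limit):
    """Model a per-source connection cap: keep at most per_ip_limit concurrent
    connections from any single source address, drop the rest."""
    count = {}
    kept = []
    for c in conns:
        if count.get(c.src_ip, 0) < per_ip_limit:
            count[c.src_ip] = count.get(c.src_ip, 0) + 1
            kept.append(c)
    return kept


def workers_busy_at(conns, t, header_timeout_s):
    """Workers held at time t: each connection occupies a worker until the client
    finishes or a server-side header timeout closes it (assumed defence, not
    something the thread above specifies)."""
    return sum(1 for c in conns if t < min(c.hold_s, header_timeout_s))


def free_workers(conns, t, max_workers, per_ip_limit, header_timeout_s):
    admitted = admit(conns, per_ip_limit)
    return max(0, max_workers - workers_busy_at(admitted, t, header_timeout_s))


def scenario(n_sources, conns_per_source, per_ip_limit, header_timeout_s, t=30.0):
    """Free workers at time t when every source opens conns_per_source connections
    at t=0 and holds each open for an hour (constructed input, synthetic 10/8 addresses)."""
    conns = [Conn(f"10.0.{i // 256}.{i % 256}", 3600.0)
             for i in range(n_sources) for _ in range(conns_per_source)]
    return free_workers(conns, t, MAX_WORKERS, per_ip_limit, header_timeout_s)


if __name__ == "__main__":
    inf = float("inf")
    print("one source, per-IP cap 20, no timeout:   ", scenario(1, 300, 20, inf))
    print("300 sources, per-IP cap 20, no timeout:  ", scenario(300, 1, 20, inf))
    print("300 sources, per-IP cap 20, 20s timeout: ", scenario(300, 1, 20, 20.0))
```

The per-IP cap alone keeps the pool free only in the single-source case; with one connection per source the cap never triggers, and only a bound on how long an unfinished request may hold a worker restores capacity.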
