From: Bastien LEGRAS
To: users@httpd.apache.org
Date: Tue, 23 Jun 2009 15:11:05 +0200
Message-ID: <43fc0cac0906230611h41b83140l63456ce46e525e85@mail.gmail.com>
Subject: [users@httpd] Apache 1.x & 2.x vulnerability against simple DoS attacks

Hi,

I just tried the Perl script against my 2.2 Apache under Ubuntu 8.04 and found I could make my Apache server unavailable in 30 sec with the little hack script you can find here: http://ha.ckers.org/slowloris/

Has anyone heard of a configuration or an ongoing fix to protect Apache against such attacks?

Thanks

-- 
Cordialement / Best Regards

Bastien LEGRAS

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
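The post asks for a configuration that protects Apache against the Slowloris script. The following Python is an added example (not code from the post, from the Apache project, or from the ha.ckers.org script) that demonstrates the property a fix has to have: a toy HTTP listener that enforces only a per-read idle timeout, which is what Apache's classic "Timeout" directive does, stays occupied for as long as a client keeps trickling header fragments, while the same listener with a total deadline on receiving the complete header block drops the slow client. The port, the timeouts, the bogus "X-a: b" header line and the hold durations are all constructed for the demonstration.

```python
# Added example (not from the post or the Apache project): a toy HTTP listener
# plus a single-connection Slowloris-style probe. Shows why a per-read idle
# timeout alone does not stop the attack while a total deadline on the header
# block does. Ports, timeouts and the header fragment are constructed here.
import socket
import threading
import time

HEADER_END = b"\r\n\r\n"


def read_headers(conn, per_read_timeout, total_deadline):
    """Read one request's header block from conn.

    per_read_timeout: max idle seconds between two received chunks (the
        semantics of Apache's 'Timeout' directive). A client that sends one
        fragment per interval never trips it.
    total_deadline: max seconds for the whole header block, or None for no
        limit. This is the extra constraint that defeats a trickling client.
    Returns the header bytes, or None if a limit was hit or the peer went away.
    """
    start = time.monotonic()
    buf = b""
    while HEADER_END not in buf:
        wait = per_read_timeout
        if total_deadline is not None:
            remaining = total_deadline - (time.monotonic() - start)
            if remaining <= 0:
                return None  # header block took too long as a whole
            wait = min(per_read_timeout, remaining)
        conn.settimeout(wait)
        try:
            chunk = conn.recv(4096)
        except OSError:  # idle timeout (socket.timeout is an OSError) or reset
            return None
        if not chunk:  # peer closed
            return None
        buf += chunk
    return buf


def start_server(per_read_timeout, total_deadline):
    """Listen on 127.0.0.1 (ephemeral port), one thread per connection.
    Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.5)  # lets accept_loop notice srv.close() promptly

    def handle(conn):
        with conn:  # closing the socket is what frees the worker
            if read_headers(conn, per_read_timeout, total_deadline) is None:
                return
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                         b"Connection: close\r\n\r\nok")

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:  # listener closed
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def slow_header_probe(port, trickle_interval, hold_seconds):
    """One Slowloris-style connection: send a partial request, then add a bogus
    header line every trickle_interval seconds and never send the blank line
    that ends the header block. Returns (closed_by_server, seconds_open)."""
    c = socket.create_connection(("127.0.0.1", port))
    start = time.monotonic()
    try:
        c.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n")
        c.settimeout(trickle_interval)
        while time.monotonic() - start < hold_seconds:
            try:
                if c.recv(1) == b"":  # orderly close (FIN) from the server
                    return True, time.monotonic() - start
            except socket.timeout:
                pass  # server sent nothing: it is still waiting on us
            except OSError:  # reset: server dropped us with data pending
                return True, time.monotonic() - start
            try:
                c.sendall(b"X-a: b\r\n")  # one more fragment, still no CRLFCRLF
            except OSError:
                return True, time.monotonic() - start
        return False, time.monotonic() - start
    finally:
        c.close()


def run_probe(per_read_timeout, total_deadline, trickle_interval=0.1,
              hold_seconds=2.5):
    """Start a listener with the given limits, probe it once, tear it down.
    Returns (closed_by_server, seconds_open)."""
    srv, port = start_server(per_read_timeout, total_deadline)
    try:
        return slow_header_probe(port, trickle_interval, hold_seconds)
    finally:
        srv.close()


if __name__ == "__main__":
    # Per-read idle timeout only: the trickle keeps the worker busy for as long
    # as the attacker wants (here, the full 2.5 s hold).
    print("per-read timeout only:", run_probe(0.5, None))
    # Same idle timeout plus a 1.0 s deadline for the complete header block.
    print("with header deadline: ", run_probe(0.5, 1.0))
```

In Apache itself the total deadline is the RequestReadTimeout directive of mod_reqtimeout, which shipped with httpd 2.2.15 (after the date of this message) and is enabled by default in 2.4, for example "RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500": 20 seconds to finish the headers, extended by one second per 500 bytes received up to 40 seconds. Lowering the classic Timeout directive alone does not help for the reason the example shows, and with the prefork MPM every stalled connection still pins one worker process out of MaxClients, so the header deadline has to be short relative to the size of the worker pool.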