Bugtraq mailing list archives
Re: Apache DoS attack?
From: lcamtuf () POLBOX COM (Michał Zalewski)
Date: Tue, 30 Dec 1997 17:34:47 +0100
Apache patch by Mark Lowes:

[...]
+ /* Compress multiple '/' characters into one */
+ /* To prevent "GET //////..." attack */
[...]

After a few tests I discovered that Apache first looks for files [index|homepage].[html|shtml|cgi] (probably it makes over 32000 chdirs:), then dies, throwing a 'filename too long' error into the logs. The client gets a 'Forbidden' response and disconnects. But the httpd child process still stays in the background, wasting a large amount of CPU time and system resources.

Note it happens _only_ after this error, so the '//...' sequence must be as long as possible (about 7 kB).

The PERFECT httpd patch should also fix httpd's cleanup, to make httpd a little more stable :)

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf () boss staszic waw pl]
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=
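The mitigation the quoted patch describes, collapsing runs of '/' before the server walks the path component by component, as an added example that is not Apache's code nor Mark Lowes' patch. Function names, return codes and the 256-byte output buffer are assumptions made for this example; the 7000-slash request is a constructed input matching the ~7 kB run the post describes.

```c
#include <stdio.h>
#include <string.h>

/* Collapse every run of '/' in raw into a single '/' and copy the result
 * into out, so a "GET //////..." path costs O(components) to walk rather
 * than one directory step per byte.  Returns 0 on success, -1 when even
 * the collapsed path does not fit in out (reject before any chdir/open),
 * -2 when the path is not absolute. */
int normalize_request_path(const char *raw, char *out, size_t outsz)
{
    size_t n = 0;
    if (raw[0] != '/')
        return -2;
    for (; *raw; raw++) {
        if (*raw == '/' && n > 0 && out[n - 1] == '/')
            continue;                    /* drop the repeated separator */
        if (n + 1 >= outsz)
            return -1;                   /* still too long even collapsed */
        out[n++] = *raw;
    }
    out[n] = '\0';
    return 0;
}

/* Number of '/' in a path: roughly the directory steps a naive
 * component-by-component walker (one chdir per step) would perform. */
size_t count_separators(const char *path)
{
    size_t k = 0;
    for (; *path; path++)
        if (*path == '/')
            k++;
    return k;
}

int main(void)
{
    /* Constructed request path: 7000 slashes followed by a filename. */
    char raw[7000 + sizeof "index.html"];
    char out[256];
    memset(raw, '/', 7000);
    strcpy(raw + 7000, "index.html");
    printf("before: %zu separators\n", count_separators(raw));
    if (normalize_request_path(raw, out, sizeof out) == 0)
        printf("after:  %s (%zu separator)\n", out, count_separators(out));
    return 0;
}
```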
Current thread:
- Re: Apache DoS attack? Zen (Dec 30)
- Re: Apache DoS attack? Jim Hribnak (Dec 30)
- <Possible follow-ups>
- Re: Apache DoS attack? Michał Zalewski (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)
- Vulnerability in ccdconfig Niall Smart (Dec 30)
- Re: Vulnerability in ccdconfig Warner Losh (Dec 30)
- vhost Solar Designer (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)