Bugtraq mailing list archives
Re: Apache DoS attack?
From: zen () CRIMELAB NET (Zen)
Date: Tue, 30 Dec 1997 06:08:49 -0600
Zalewski <lcamtuf () POLBOX COM> wrote: : Here's a simple exploit for Apache httpd version 1.2.x (tested on : 1.2.4). When launched, causes incerases of victim's load average and : extreme slowdowns of disk operations. On my i586 Linux annoying slowdown : has been experienced immediately (after maybe 5 seconds). After about 4 : minutes work has been turned into real hell (286?). I just tested this exploit on Apache httpd versions 1.0.x, 1.1.x, 1.2.x, and 1.3.x (beta). All of the versions seem to be affected in one way or another, but the 1.0.x and 1.1.x seems to be less effective, since the load average goes down right after the attack has stopped, unlike 1.2.x and 1.3.x, which kept going even after the attack has stopped. -- Zen <zen () crimelab net> Fourth Law of Revision: It is usually impractical to worry beforehand about interferences -- if you have none, someone will make one for you.
Current thread:
- Re: Apache DoS attack? Zen (Dec 30)
- Re: Apache DoS attack? Jim Hribnak (Dec 30)
- <Possible follow-ups>
- Re: Apache DoS attack? Micha³ Zalewski (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)
- Vulnerability in ccdconfig Niall Smart (Dec 30)
- Re: Vulnerability in ccdconfig Warner Losh (Dec 30)
- vhost Solar Designer (Dec 30)
- Re: Apache DoS attack? Marc Slemko (Dec 30)