Bugtraq mailing list archives
Re: Apache DoS Attack
From: pim () WEBCITY NL (Pim van Riezen)
Date: Tue, 11 Aug 1998 21:48:31 -0700
Jonathan Freeman wrote:
> We just tested the Sioux (Apache DoS) bug on:
>
> <> IIS 3.0 (Service Pack 3)
>    causes immediate jump to 100% CPU for approx. 5 seconds
>    multiple attacks can keep the CPU in the 90% range
>
> <> IIS 4.0 (Service Pack 3)
>    causes immediate jump to 80% CPU for approx. a half second
>    multiple attacks DO NOT cause more than 40% sustained CPU range
>
> <> Apache 1.1.1 (Unix) (Caldera OpenLinux)
>    causes jump to 66% CPU for each get request and attempts to use
>    all available swap space for memory. Can be DoS'd easily.
>
> <> WebSitePro 2.3.4 (Service Pack 3)
>    causes immediate jump to 99% CPU for approx. 5 seconds
>    unknown if DoS would be possible for multiple attacks
Is there any good reason for any of these programs to merge headers internally in the first place? I'm wondering because I am actually working on a webserver and noted that the code wasn't vulnerable because of the way I chose to implement header-handling (which didn't include any header-merging code).

I wonder if there are any situations where a client legitimately sends two headers of the same type (in which case I would have to add header-merging code) or is this following conventions for the sake of following conventions (in which case I might feel inclined to stay lazy :-)?

Input is welcome.

Regards,
Pim van Riezen

--
"I'm at the corner of Walk and Don't Walk, where shall we meet?"
Operations - SaltLake.UT.US.Undernet.Org
Channel LART - #linux Undernet
Programmer sometimes LART - Microhill Automation
Cat5 Monkey - Webcity / Internet Facilities Europe
Eerie-eyed Visionair Software Developer - StealthTech Networking
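Added example, not part of the original post and not code from any of the servers named above: one way a server can accept repeated header fields while keeping the work bounded. HTTP permits repeating a field only when its value is a comma-separated list, so repeats are joined with ", " once at the end. The function name, exception name and limit values are assumptions chosen for illustration.

```python
# Added example: bounded merging of repeated HTTP header fields.
# Limits below are illustrative assumptions, not values from any real server.
MAX_FIELDS = 100          # total header lines accepted per request
MAX_HEADER_BYTES = 8192   # total size of header lines accepted per request


class HeaderLimitExceeded(Exception):
    """The request should be rejected instead of being processed further."""


def parse_headers(lines, max_fields=MAX_FIELDS, max_bytes=MAX_HEADER_BYTES):
    """Parse raw header lines into {lowercased-name: merged value}.

    Repeated fields are collected in per-name lists and joined once at the
    end, so the work stays linear in the input size. Appending to a growing
    string on every repeat would re-copy the merged value each time.
    """
    collected = {}   # name -> list of values, in arrival order
    total = 0
    for count, line in enumerate(lines, start=1):
        total += len(line)
        # Enforce both caps before doing any per-line work.
        if count > max_fields or total > max_bytes:
            raise HeaderLimitExceeded(f"limit hit at header line {count}")
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line {count}")
        collected.setdefault(name.strip().lower(), []).append(value.strip())
    # Joining with ", " preserves the meaning of a legitimate repeat of a
    # list-valued field such as Accept.
    return {name: ", ".join(values) for name, values in collected.items()}


# Constructed sample inputs.
LEGIT = ["Host: www.example.test", "Accept: text/html", "Accept: image/gif"]
FLOOD = ["User-Agent: a"] * 10000
```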