Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Web servers / possible DOS Attack / mime header flooding

From: rich () dynamite org (Rich Wood)
Date: Thu, 3 Sep 1998 21:49:19 +0100

On 3 Sep 98, at 12:34, Laurent FACQ wrote:

#       => by sending a crazy amount of 8000 bytes headers, it's possible
#       to consume a lot of memory (and of course CPU). The point
#       is that httpd daemons grow and STAY at this big size (or die
#       if you send too much)


Tried against apache 1.3.1 on FreeBSD 2.2.6 (DX2-66 16Mb), script hung
after 2500 headers with apache using 30Mb.

Tried against apache 1.3.1 on NT4 (workstation) SP3 (P200 64Mb), after
7500 headers, apache was using 120Mb RAM and the box ground to a halt.

It didn't actually crash apache on either box, but severely reduced the
usefulness of the systems.

Rich
--
Rich Wood
rich () dynamite org
Previous By Date Next
Previous By Thread Next

Current thread: