Bugtraq mailing list archives
Re: Web servers / possible DOS Attack / mime header flooding
From: rich () dynamite org (Rich Wood)
Date: Thu, 3 Sep 1998 21:49:19 +0100
On 3 Sep 98, at 12:34, Laurent FACQ wrote:
# => by sending a crazy amount of 8000 bytes headers, it's possible # to consume a lot of memory (and of course CPU). The point # is that httpd daemons grow and STAY at this big size (or die # if you send too much)
Tried against apache 1.3.1 on FreeBSD 2.2.6 (DX2-66 16Mb), script hung after 2500 headers with apache using 30Mb. Tried against apache 1.3.1 on NT4 (workstation) SP3 (P200 64Mb), after 7500 headers, apache was using 120Mb RAM and the box ground to a halt. It didn't actually crash apache on either box, but severely reduced the usefulness of the systems. Rich -- Rich Wood rich () dynamite org
Current thread:
- Re: Security Hole in Axent ESM Jeffrey Hutzelman (Aug 31)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Sep 01)
- Re: Security Hole in Axent ESM Taral (Sep 02)
- Re: Security Hole in Axent ESM Patrick (Sep 02)
- Borderware predictable initial TCP racer-x () ALTAVISTA NET (Sep 02)
- Re: Borderware predictable initial TCP Aggelos P. Varvitsiotis (Sep 03)
- Web servers / possible DOS Attack / mime header flooding Laurent FACQ (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Vanja Hrustic (Sep 03)
- wwwboard.pl vulnerability bugtraq (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Rich Wood (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Daniel Leeds (Sep 03)
- Re: Web servers / possible DOS Attack / mime header flooding Lars Eilebrecht (Sep 03)
- Re: Security Hole in Axent ESM Taral (Sep 02)
- Fwd: [ISN] Another BO detector that is actually a trojan Reuben Yau (Sep 03)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Sep 03)
- Back Orifice detection and removal The Late Ian Angles (Sep 03)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Sep 01)
- Cisco Security Notice: PIX Firewall Manager File Exposure psirt () CISCO COM (Sep 02)
- <Possible follow-ups>
- Re: Security Hole in Axent ESM Jim Dennis (Sep 03)
- Re: Security Hole in Axent ESM dcupp () SNAKEBITE COM (Sep 24)