Posted to dev@httpd.apache.org by Lars Eilebrecht <La...@unix-ag.org> on 1997/12/30 15:28:25 UTC

FW: Apache DoS attack?

-----Forwarded message <01...@lcamtuf>-----

Message-ID: <01...@lcamtuf>
Date: Tue, 30 Dec 1997 11:07:04 +0100
Reply-To: Michał Zalewski <lc...@POLBOX.COM>
Sender: Bugtraq List <BU...@NETSPACE.ORG>
From: Michał Zalewski <lc...@POLBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Apache DoS attack?



[excuse me if it has been discovered before]

Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
When launched, causes increases of victim's load average and extreme
slowdowns of disk operations. On my i586 Linux annoying slowdown has been
experienced immediately (after maybe 5 seconds). After about 4 minutes
work has been turned into real hell (286?).

Attached program ('beck') is a shell script. It works by sending
excessive http requests with thousands of '/'s inside (parsed from file
'beck.dat'). Single request causes just a little longer thinking of
Apache. But when requests are sent from a loop - huh, victim
system becomes slower and slower... At least on my machine, maybe when
Apache is running on a lightspeed workstation this script makes no
difference.

PS. Fast connection should help... All depends on victim's system
performance.

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl]
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=


--------------End of forwarded message-------------------------

ciao...
-- 
Lars Eilebrecht                   - Don't use no double negatives, not never.
sfx@unix-ag.org
http://www.si.unix-ag.org/~sfx/


Re: FW: Apache DoS attack?

Posted by Ben Laurie <be...@algroup.co.uk>.
Lars Eilebrecht wrote:
> 
> -----Forwarded message <01...@lcamtuf>-----
> 
> Message-ID: <01...@lcamtuf>
> Date: Tue, 30 Dec 1997 11:07:04 +0100
> Reply-To: Michał Zalewski <lc...@POLBOX.COM>
> Sender: Bugtraq List <BU...@NETSPACE.ORG>
> From: Michał Zalewski <lc...@POLBOX.COM>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Apache DoS attack?
> 
> [excuse me if it has been discovered before]
> 
> Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
> When launched, causes increases of victim's load average and extreme
> slowdowns of disk operations. On my i586 Linux annoying slowdown has been
> experienced immediately (after maybe 5 seconds). After about 4 minutes
> work has been turned into real hell (286?).

Before everyone starts pestering the guy about this, I've already asked
him if the number of slashes makes any real difference, or whether it is
simply making large numbers of requests that causes a problem (which
would not really be a huge surprise).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
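
Added example, not part of the original thread and not code from either poster: a log check that keeps apart the two factors discussed above, the run of '/' characters in the request target from the Bugtraq report and the per-client request rate raised in the reply. The Common Log Format input, both thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')
MAX_SLASH_RUN = 16     # assumed threshold, tune per site
MAX_REQS_PER_SEC = 20  # assumed threshold, tune per site

def longest_slash_run(target):
    """Length of the longest run of consecutive '/' in a request target."""
    return max((len(r) for r in re.findall(r"/+", target)), default=0)

def analyse(lines):
    """Per client: requests over the slash threshold, longest run, peak req/s."""
    stats = defaultdict(lambda: {"slash_hits": 0, "max_run": 0, "per_sec": Counter()})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not well-formed CLF
        host, ts, target = m.groups()
        run = longest_slash_run(target)
        s = stats[host]
        s["max_run"] = max(s["max_run"], run)
        s["slash_hits"] += run > MAX_SLASH_RUN
        s["per_sec"][ts] += 1  # CLF timestamps have one-second resolution
    return {h: {"slash_hits": s["slash_hits"], "max_run": s["max_run"],
                "peak_rate": max(s["per_sec"].values())} for h, s in stats.items()}

def classify(report):
    """Map each suspicious client to the signals it tripped."""
    flagged = {}
    for host, r in report.items():
        signals = ["long-slash-run"] * bool(r["slash_hits"])
        signals += ["request-flood"] * (r["peak_rate"] > MAX_REQS_PER_SEC)
        if signals:
            flagged[host] = signals
    return flagged

def _line(host, target, ts="01/Jan/2000:00:00:00 +0000"):
    return f'{host} - - [{ts}] "GET {target} HTTP/1.0" 200 512'
# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    [_line("192.0.2.10", "/" * 3000)] * 30          # long runs and a burst
    + [_line("192.0.2.20", "/index.html")] * 25     # burst only
    + [_line("192.0.2.30", "/docs//page.html")]     # benign double slash
    + [_line("192.0.2.40", "/" * 3000 + "x.html")]  # one long run, no burst
)

if __name__ == "__main__":
    print(classify(analyse(SAMPLE)))
```

Reporting the two signals separately shows whether a slowdown lines up with slash-heavy targets, with request volume alone, or with both.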