slowloris http dos

bernhardredl at gmail.com bernhardredl at gmail.com
Sun Jul 12 20:08:35 CEST 2009


hi
you may have heard about the slowloris http dos.
it is a proof of concept of a very very low bandwidth dos.

with this tool an attacker with a 1MBit upload connection can completely interrupt service on a state of the art webserver running apache.

according to the project's website http://ha.ckers.org/slowloris/ apache and squid are affected.
nginx and iis6,7 are not.

i recently tested varnish 2.0.4 and it is affected too.
perl slowloris.pl -dns 192.168.178.67 -port 81 -timeout 1 -num 1000 -tcpto 5

this line resulted in a total Denial of Service, although the underlying apache 192.168.178.67:80 was fully operational during the attack.

varnishstat shows a lot of this:
     2544         0.00         2.67 N overflowed work requests
     20533       478.00        21.52 N dropped work requests

cpu & ram & bandwidth utilization : none

is there a possibility to fix this? or at least to get a bug report?
Because i think a varnish cluster will be affected too.

yours
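
An added monitoring example, not part of the original post and not Varnish project code: it parses varnishstat lines in the layout quoted above and flags the two worker-pool counters the post reports climbing while CPU, RAM and bandwidth stay idle. The column meaning (total, current rate, average rate), the `max_rate` threshold, the function names and the third sample line are assumptions made for this example.

```python
import re

# Assumed line layout, as in the post: total, current rate, average rate, label.
LINE = re.compile(r"^\s*(\d+)\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)\s+(.+?)\s*$")

# Counter labels taken from the varnishstat excerpt in the post.
WATCHED = ("N overflowed work requests", "N dropped work requests")


def parse_varnishstat(text):
    """Return {label: (total, rate_now, rate_avg)}; malformed lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            stats[m.group(4)] = (int(m.group(1)), float(m.group(2)),
                                 float(m.group(3)))
    return stats


def worker_pool_alerts(stats, max_rate=1.0):
    """Flag watched counters whose current or average rate exceeds max_rate.

    max_rate is an assumed threshold; set it from a baseline of normal traffic.
    """
    alerts = []
    for label in WATCHED:
        if label not in stats:
            continue
        total, now, avg = stats[label]
        worst = max(now, avg)
        if worst > max_rate:
            alerts.append((label, total, worst))
    return alerts


# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE = """\
     2544         0.00         2.67 N overflowed work requests
     20533       478.00        21.52 N dropped work requests
     1200         3.00         2.10 Client requests received
"""

if __name__ == "__main__":
    for label, total, rate in worker_pool_alerts(parse_varnishstat(SAMPLE)):
        print(f"ALERT {label}: total={total} rate={rate}/s")
```

Pairing this check with host CPU and bandwidth metrics separates worker starvation by held-open connections, as described in the post, from ordinary overload.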