slowloris http dos
bernhardredl at gmail.com
Sun Jul 12 20:08:35 CEST 2009
hi
you may have heard about the slowloris http dos.
it is a proof of concept very very low bandwidth dos.
with this tool an attacker with a 1MBit upload connection can completely interrupt service on a state of the art webserver running apache.
according to the project's website http://ha.ckers.org/slowloris/ apache and squid are affected.
nginx and iis6,7 are not.
i recently tested varnish 2.0.4 and it is affected too.
perl slowloris.pl -dns 192.168.178.67 -port 81 -timeout 1 -num 1000 -tcpto 5
this line resulted in a total Denial of Service, although the underlying apache 192.168.178.67:80 was fully operable during the attack.
varnishstat shows a lot of this:
2544 0.00 2.67 N overflowed work requests
20533 478.00 21.52 N dropped work requests
cpu & ram & bandwidth utilization : none
is there a possibility to fix this? or at least to get a bug report.
Because i think a varnish cluster will be affected too.
yours
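
Added example, not part of the original message and not Varnish project code: a small monitor that parses varnishstat lines in the layout quoted above and flags the symptom the post describes, work requests being dropped while the host is otherwise idle. The function names, the thresholds and the caller-supplied cpu_busy_pct value are assumptions made for illustration, as is the reading of the columns as total, current rate per second and average rate.

```python
import re

# The two varnishstat lines quoted in the post, reused as sample input.
# Assumed column layout: total, current rate/s, average rate/s, description.
SAMPLE = """\
        2544         0.00         2.67 N overflowed work requests
       20533       478.00        21.52 N dropped work requests
"""

LINE_RE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+([\d.]+)\s+(.+?)\s*$")


def parse_varnishstat(text):
    """Return {description: (total, current_rate, average_rate)}."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stats[m.group(4)] = (int(m.group(1)), float(m.group(2)),
                                 float(m.group(3)))
    return stats


def pool_exhaustion_alerts(stats, cpu_busy_pct,
                           drop_rate_limit=1.0, idle_cpu_pct=20.0):
    """Flag dropped work requests, noting when the host is otherwise idle.

    cpu_busy_pct is supplied by the caller (hypothetical parameter); both
    thresholds are illustrative defaults, not recommended values.
    """
    alerts = []
    total, rate, _ = stats.get("N dropped work requests", (0, 0.0, 0.0))
    if rate < drop_rate_limit:
        return alerts
    msg = f"dropping {rate:.0f} work requests/s ({total} total)"
    if cpu_busy_pct < idle_cpu_pct:
        # Load-driven saturation would show busy CPUs; an idle host points
        # at worker threads parked on slow or stalled client connections.
        msg += "; CPU idle, workers likely held by slow clients"
    alerts.append(msg)
    q_total, q_rate, _ = stats.get("N overflowed work requests", (0, 0.0, 0.0))
    if q_total and q_rate == 0.0:
        # Assumption: requests are dropped only once the overflow queue is
        # full, so a flat overflow counter with ongoing drops means no slack.
        alerts.append("overflow queue is full: new requests are refused")
    return alerts


if __name__ == "__main__":
    for alert in pool_exhaustion_alerts(parse_varnishstat(SAMPLE), 2.0):
        print("ALERT:", alert)
```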