Re: How to prevent from simple DoS?

2007/11/19, Christian Folini <christian.folini@xxxxxxx>:
> > > > As I understand the issue it's a very simple DoS as it neither does
> > > > require a lot of cpu nor bandwidth on the client side.
>
> Is there a proper name for this kind of attack? I am not sure
> the original question was referring to a real attack. But if
> it is one, what would be the correct name for this type?
> I have been referring to it as "Request Delaying". But there
> might be a better name, that is more widespread.
>
> See http://permalink.gmane.org/gmane.comp.apache.mod-security.user/1923
> for some thoughts.

Hi Christian

I don't know any particular name for this attack, but I guess "Request
Delaying" is suitable.

I'm actually not entirely sure whether I'm dealing with an attack or
not, but currently I tend more towards some corrupted client software
/ script or the like, as it only happens about once a week, never
lasts longer than a few minutes and always originates from very
different IP addresses. In addition I searched the logfiles for these
IPs and always found legitimate traffic before the "attack".

Interestingly, in a test on Apache 2.2.3 from Debian Etch the behaviour
seems to be different. When opening a telnet session it doesn't look
like an httpd child has been assigned to this connection and it isn't
even mentioned in the server-status page. Maybe this issue has already
been addressed in newer releases?

Note the different output from netstat on Apache 2.0.54/Debian Sarge
when telnetting to the server (State, User, INode, PID):
ESTABLISHED  33         18526669   15770/apache2

and Apache 2.2.3/Debian Etch:
SYN_RECV   0          0          -

The requests are really handled very differently.


Thanks for your help, Ben

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
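
Added example, not part of the message above or of the Apache project's code: a shell function that reads `netstat -tnpe` output and, per remote address, counts sockets on the web port that are already owned by a server process (like the ESTABLISHED line above) against those still in SYN_RECV with no owner. The function names, the threshold and the sample lines are constructed for illustration; a high count is a prompt to look closer, not proof of an attack.

```shell
#!/bin/sh
# Added example. Usage on a live host: netstat -tnpe | held_workers 80 10
# Columns assumed (Linux net-tools): Proto Recv-Q Send-Q Local Foreign
# State User Inode PID/Program, matching the fields quoted in the message.

held_workers() {
    port="${1:-80}"     # local port to inspect
    limit="${2:-3}"     # per-address count that earns a CHECK mark (assumption)
    awk -v port="$port" -v limit="$limit" '
        $1 !~ /^tcp/ { next }                      # skip header lines
        {
            n = split($4, l, ":")                  # local address, port is last
            if (l[n] != port) next
            remote = $5
            sub(/:[0-9]+$/, "", remote)            # drop the remote port
            seen[remote] = 1
            # Socket accepted and owned by a process: a worker is tied up.
            if ($6 == "ESTABLISHED" && $9 ~ /^[0-9]+\//) held[remote]++
            # Handshake not yet handed to any process: no worker consumed.
            else if ($6 == "SYN_RECV") pending[remote]++
        }
        END {
            for (ip in seen) {
                flag = (held[ip] + 0 >= limit + 0) ? "CHECK" : "ok"
                printf "%s held=%d pending=%d %s\n", ip, held[ip], pending[ip], flag
            }
        }' | LC_ALL=C sort
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address     State       User Inode    PID/Program name
tcp   0      0      192.0.2.10:80   198.51.100.7:40112  ESTABLISHED 33   18526669 15770/apache2
tcp   0      0      192.0.2.10:80   198.51.100.7:40113  ESTABLISHED 33   18526670 15771/apache2
tcp   0      0      192.0.2.10:80   203.0.113.5:51000   SYN_RECV    0    0        -
tcp   0      0      192.0.2.10:22   198.51.100.7:50000  ESTABLISHED 0    1234     900/sshd
EOF
}

sample_netstat | held_workers 80 2
```

Because the message reports that the traffic comes from many different addresses, the sum of the `held` values compared with the server's worker limit is as informative as any single per-address count.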

