Re: How to prevent from simple DoS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Nov 22, 2007 11:13 AM, Sam Testuser <toximoron_x2@xxxxxxxxxxx> wrote:
> Joshua Slive <joshua@xxxxxxxx> wrote:
>
> Apache httpd does log when a connection hits a TimeOut. (Or if it
> doesn't, that is certainly a bug that should be reported.) So I don't
> really understand the premise here.
> If you hit the timeout, the request is logged in the error log at loglevel
> error.
> That much is true. But it is not very difficult to work around the timeout.
> It is usually reset after every TCP package as it is being recieved. Even
> for
> the header phase on those apache servers I checked. (However, the
> documentation advertises "The total amount of time it takes to receive a GET
> request.")
>
> If I work around the timeout n times and finally send a valid request,
> then I am able to block a thread/process for n * timeout - 1 and nothing
> appears in the logfile. There are the header limit directives, but it is
> hardly possible to set them to very low values and besides: who
> cares about headers, when there is a request body do be slowed down.
>
> As a sidenote: netstat on Linux reveals a few interesting timing infos.
> Other operation systems seem to be less verbose in this regard.

Ok. I see the issue better now.

But what really is the point in trying to eliminate the client who
dribbles out data in order to get around the TimeOut? If you are
performing a DDoS, you can easily behave just like an ordinary client
(requesting real files), and thereby be almost undetectable. Why
bother playing silly timeout tricks?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux