On Nov 23, 2007 4:48 AM, Sam Testuser <toximoron_x2@xxxxxxxxxxx> wrote: > This attack has many special traits. One of the more annoying ones is > sudden and total death. I'm not sure how that is a "special trait" of this attack. My point is quite simple: this particular attack (and most other similar ones) are blocked by simple firewall rules limiting concurrent connections per IP or network. Except in the case of DDoS or other very-well-resourced attackers. And in those cases I don't see any point in worrying about this attack since there are so many other more-effective and harder-to-detect attacks. If you want to get back to apache httpd, then this attack is a pretty-much unavoidable consequence of the one-connection-per-thread/process model that httpd shares with many other network servers. An event-based model deals much better with this kind of thing. But I don't see the point in moving to an event-based model simply to avoid this attack, for the reasons I mention above. (There are other good reasons to move in this direction, however.) Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|