On 4/3/2010, lots of people chimed in saying things. Around 00:03 [-7GMT], Morgan Gangwere chimed in to say:I'd suggest either turning on Syn Cookies, getting mpm_worker running, or not really worrying about it. mpm_worker so far for me has been able to avoid the Slowloris attack on a 50Mhz ARM9 running an older Apache2 ( Apache/2.2.3 (Debian) PHP/5.2.0-8+etch5~pu1 Server at 192.168.0.50 Port 80).
Give You A Hint, I ran a simple Slowloris against that machine: http://indrora.kicks-ass.org/masq/sysinfo/nutrition_facts.php Those numbers *are* real FWI.The real question is, should you really worry? It seems as though to me your worries are low.
On a note, someone posted about Slowloris and Apache: http://bahumbug.wordpress.com/2009/06/21/slowloris/ It talks about mod_evasive -- Which with a little digging, comes up with http://www.zdziarski.com/blog/?page_id=442 The author's page.The folks over at O'Reilly SysAdmin have something good to say about it (at least to some extent):
http://www.oreillynet.com/sysadmin/blog/2007/10/the_case_for_mod_evasive.html eth0 has something about it as well: http://www.eth0.us/mod_evasiveTo be frank, if you're worrying about this, you're asking big Whatif questions, and thats like asking when the heat-death of the universe is going to cause the nearest convenience store to become a little less convenient to go to. If your stuff is under attack and your servers just Cant Handle The Load (tm) then you've got bigger problems, like wondering if you should just halt, pause and reboot. [FWI, thats what the Air Force in the USA does when major feces hits the blower at Cybercommand]
-- Morgan Gangwere >> Why?> Because it breaks the logical flow of conversation, plus makes messages unreadable.
>>> Top-Posting is evil. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx