httpd-users mailing list archives

From Morgan Gangwere <0.fracta...@gmail.com>
Subject Re: [users@httpd] Re: Preventing DoS attacks from single client host
Date Sun, 04 Apr 2010 06:03:49 GMT
On 4/3/2010, lots of people chimed in saying things.
Around 00:03 [-7GMT], Morgan Gangwere chimed in to say:

I'd suggest either turning on Syn Cookies, getting mpm_worker running, 
or not really worrying about it. mpm_worker so far for me has been able 
to avoid the Slowloris attack on a 50MHz ARM9 running an older Apache2 
(Apache/2.2.3 (Debian) PHP/5.2.0-8+etch5~pu1 Server at 192.168.0.50 Port 80).

Give You A Hint, I ran a simple Slowloris against that machine:

http://indrora.kicks-ass.org/masq/sysinfo/nutrition_facts.php

Those numbers *are* real FWI.

The real question is, should you really worry? It seems as though to me 
your worries are low.

On a note, someone posted about Slowloris and Apache:
http://bahumbug.wordpress.com/2009/06/21/slowloris/

It talks about mod_evasive -- which, with a little digging, comes up with
http://www.zdziarski.com/blog/?page_id=442
The author's page.


The folks over at O'Reilly SysAdmin have something good to say about it 
(at least to some extent):
http://www.oreillynet.com/sysadmin/blog/2007/10/the_case_for_mod_evasive.html

eth0 has something about it as well:
http://www.eth0.us/mod_evasive

To be frank, if you're worrying about this, you're asking big Whatif 
questions, and that's like asking when the heat-death of the universe is 
going to cause the nearest convenience store to become a little less 
convenient to go to. If your stuff is under attack and your servers just 
Can't Handle The Load (tm) then you've got bigger problems, like 
wondering if you should just halt, pause and reboot. [FWI, that's what 
the Air Force in the USA does when major feces hits the blower at 
Cybercommand]


-- 

Morgan Gangwere

 >> Why?
 > Because it breaks the logical flow of conversation, plus makes messages unreadable.
 >>> Top-Posting is evil.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

