httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "DoS" by niq
Date Thu, 25 Jun 2009 02:56:06 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by niq:
http://wiki.apache.org/httpd/DoS

------------------------------------------------------------------------------
  The original slowloris is a perl script, though there are apparently other equivalent scripts
floating around.  My own testing involved the perl script, on Opensolaris and Linux platforms.
 It works by opening huge numbers of concurrent connections to the target server, and holding
them open so they are unavailable for normal traffic.
  
  The slowloris author notes that the script was ineffective running on Windows, because it
only made about 130 concurrent outgoing connections.  I observed similar limitations on *X
platforms: on Opensolaris it was 252, and on Linux it was 1020.  I suspect those could be
varied by tuning the host's kernel parameters and/or the Perl build, but I haven't investigated
that.
+ 
+ The slowloris script is also a big CPU drain on its own host.  Running it on my opensolaris
box, it took around 50% of the CPU (as shown by top(1)) to hold 252 connections open and trickle
data.  On linux it was over 99% to hold 1020 connections.  Running both slowloris and apache
on the linux box, apache responded effortlessly to /server-status requests while servicing
the slowloris attack, all while sharing the <1% of CPU left by slowloris with top and the
Gnome desktop.
  
  MaxClients
  

Mime
View raw message