Yesterday an interesting HTTP DoS tool has been released. The tool performs a Denial of Service attack on Apache (and some other, see below) servers by exhausting available connections. While there are a lot of DoS tools available today, this one is particularly interesting because it holds the connection open while sending incomplete HTTP requests to the server. |
Bojan 403 Posts ISC Handler Jun 18th 2009 |
Thread locked Subscribe |
Jun 18th 2009 1 decade ago |
Interesting to see if anyone has tried this with the FreeBSD accf_http kernel module. It has been around since Fbsd 4.0 and apache 1.3.22, but at a glance I find few (as in none) benchmarks of it.
Kernel buffers are still a limited resource, but apache should not see the connections until a full finished http header has been recieved. |
Anonymous |
Quote |
Jun 18th 2009 1 decade ago |
accf_http would rather create more trouble (no mbufs) - as far as i remember the accf_htp code doesnt kill-for-reuse bogus connections. the accf framework may be used tho to create a custom handler for this type of problem. plus there is the POST problem
|
Anonymous |
Quote |
Jun 20th 2009 1 decade ago |
although the original article (written 2 years ago?) wasnt meant to be a bug/flaw report it still describes in detail the way one would drive a successfull attack on (probably most of the) web servers: http://pub.mud.ro/~cia/computing/apache-httpd-denial-of-service-example.html
|
Anonymous |
Quote |
Jun 20th 2009 1 decade ago |
There is also another layer-7 DoS tool named:
R-U-Dead-Yet It uses the recent HTTP POST form field attack. Read more and download at: http://chaptersinwebsecurity.blogspot.com/2010/11/universal-http-dos-are-you-dead-yet.html |
Anonymous |
Quote |
Nov 17th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!