<font color="#000000"><font size="2"><font face="trebuchet ms,sans-serif">Reading that article it says:<br></font></font></font><div><font class="Apple-style-span" face="'trebuchet ms', sans-serif">"<meta charset="utf-8"><span class="Apple-style-span" style="color: rgb(204, 204, 204); font-family: 'Lucida Grande', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; ">So… nginx is a good web server, use it! <img src="http://blog.rayfoo.info/wp-includes/images/smilies/icon_wink.gif" alt=";)" class="wp-smiley" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; outline-width: 0px; outline-style: initial; outline-color: initial; font-size: 13px; vertical-align: baseline; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: transparent; background-position: initial initial; background-repeat: initial initial; "></span></font><font class="Apple-style-span" face="'trebuchet ms', sans-serif"><span class="Apple-style-span" style="color: rgb(204, 204, 204); font-family: 'Lucida Grande', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; ">"</span><br>
</font></div><div><div class="gmail_quote"><br></div><div class="gmail_quote">Their conclusion was that nginx handles that type of attack very well and you would need a DDoS attack (and a large one at that) to bring down a single nginx server. Are there other examples of attacks that you have found that nginx is susceptible to? I have not heard of any specific vulnerabilities of nginx that are not common to any other webserver like simple bandwidth flooding. </div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Rami</div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote">On Mon, Jul 25, 2011 at 1:09 PM, Mel Brands <span dir="ltr"><<a href="mailto:bighype@gmail.com">bighype@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi guys,<br>
<br>
I am curious as to how nginx deals with DDoS attacks that attack<br>
through app layer, layer 7. I managed to find this page:<br>
<br>
<a href="http://blog.rayfoo.info/2009/10/testing-slowloris-against-nginx" target="_blank">http://blog.rayfoo.info/2009/10/testing-slowloris-against-nginx</a><br>
<br>
which claims that nginx is susceptible to the attack. Since this is<br>
from 2009, has anything changed?<br>
<br>
Also, has anyone tested nginx vs R-U-DEAD-YET (RUDY)? I haven't found<br>
any tests online...<br>
<br>
<a href="http://code.google.com/p/r-u-dead-yet/" target="_blank">http://code.google.com/p/r-u-dead-yet/</a><br>
<br>
I ask because these types of attacks are becoming extremely common and<br>
hacktivist groups are using these simple tools to bring down all kinds<br>
of large sites.<br>
<br>
Thanks for any insight,<br>
<br>
Mel<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><font face="'trebuchet ms', sans-serif">Cheers,</font><div><font face="'trebuchet ms', sans-serif">Rami</font></div><br>
</div>