DoS attack in the wild

Cliff Wells cliff at develix.com
Fri Jun 19 23:22:35 MSD 2009


On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> A DoS attack against number of http servers is available and has hit 
> slashdot today: 
> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
> 
> Out of the box nginx is also vulnerable (I have tested it on latest 0.7 
> installation). 

What were the results of your tests?   I can see Apache being vulnerable
to this, given the amount of resources it requires per connection, but
Nginx should be much less susceptible.   The only resource I'd expect to
see exhausted might be sockets, which can be tuned at the OS level.

Cliff

-- 
http://www.google.com/search?q=vonage+sucks






More information about the nginx mailing list