DoS attack in the wild

Cliff Wells cliff at develix.com
Fri Jun 19 23:39:46 MSD 2009


On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> A DoS attack against a number of http servers is available and has hit 
> slashdot today: 
> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
> 
> Out of the box, nginx is also vulnerable (I have tested it on the latest 0.7 
> installation). A quick fix for the vulnerability follows:


I notice that one of the prerequisites is:

"2) Negotiate a high TCP window size for each of the connections (1 GB
should be doable)"

This seems to point to TCP stack tuning to prevent this.

Cliff

-- 
http://www.google.com/search?q=vonage+sucks





