DoS attack in the wild

Jérôme Loyet jerome at loyet.net
Sat Jun 20 00:19:44 MSD 2009


this attack works great on apache but I was unable, yet, to make it
works on nginx (0.8.3).

2009/6/19 Neelesh Gurjar <neel.hjs at gmail.com>:
> Hello,
> Can anybody tell how to test DoS attack on webserver please ?
> Regards
> NeeleshG
>
> On Sat, Jun 20, 2009 at 12:52 AM, Cliff Wells <cliff at develix.com> wrote:
>>
>> On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
>> > A DoS attack against number of http servers is available and has hit
>> > slashdot today:
>> >
>> > http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>> >
>> > Out of the box nginx is also vulnerable (I have tested it on latest 0.7
>> > installation).
>>
>> What were the results of your tests?   I can see Apache being vulnerable
>> to this, given the amount of resources it requires per connection, but
>> Nginx should be much less susceptible.   The only resource I'd expect to
>> see exhausted might be sockets, which can be tuned at the OS level.
>>
>> Cliff
>>
>> --
>> http://www.google.com/search?q=vonage+sucks
>>
>>
>
>
>
> --
> Regards
> NeeleshG
>
> LINUX is basically a simple operating system, but you have to be a genius to
> understand the simplicity
>





More information about the nginx mailing list