DoS attack in the wild

E. Johnson root at erikj.info
Sat Jun 20 00:24:19 MSD 2009


"Welcome to Slowloris - the low bandwidth, yet greedy and poisonous HTTP
client!"
*
*
http://ha.ckers.org/slowloris/


On Fri, Jun 19, 2009 at 4:10 PM, Neelesh Gurjar <neel.hjs at gmail.com> wrote:

> Hello,
> Can anybody tell how to test DoS attack on webserver please ?
>
> Regards
> NeeleshG
>
> On Sat, Jun 20, 2009 at 12:52 AM, Cliff Wells <cliff at develix.com> wrote:
>
>> On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
>> > A DoS attack against number of http servers is available and has hit
>> > slashdot today:
>> >
>> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>> >
>> > Out of the box nginx is also vulnerable (I have tested it on latest 0.7
>> > installation).
>>
>> What were the results of your tests?   I can see Apache being vulnerable
>> to this, given the amount of resources it requires per connection, but
>> Nginx should be much less susceptible.   The only resource I'd expect to
>> see exhausted might be sockets, which can be tuned at the OS level.
>>
>> Cliff
>>
>> --
>> http://www.google.com/search?q=vonage+sucks
>>
>>
>>
>
>
> --
> Regards
> NeeleshG
>
> LINUX is basically a simple operating system, but you have to be a genius
> to understand the simplicity
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090619/dfec7405/attachment.html>


More information about the nginx mailing list