DoS attack in the wild
Igor Sysoev
is at rambler-co.ru
Sat Jun 20 12:59:11 MSD 2009
On Fri, Jun 19, 2009 at 12:22:35PM -0700, Cliff Wells wrote:
> On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> > A DoS attack against number of http servers is available and has hit
> > slashdot today:
> > http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
> >
> > Out of the box nginx is also vulnerable (I have tested it on latest 0.7
> > installation).
>
> What were the results of your tests? I can see Apache being vulnerable
> to this, given the amount of resources it requires per connection, but
> Nginx should be much less susceptible. The only resource I'd expect to
> see exhausted might be sockets, which can be tuned at the OS level.
Yes, as to nginx this DoS is more related to OS resources, but to nginx
itself. On FreeBSD I use usually settings like these:
http://wiki.nginx.org/FreeBSDOptimizations
Note, they are applicable for FreeBSD/amd64 only, but for FreeBSD/i386.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list