DoS attack in the wild
Igor Sysoev
is at rambler-co.ru
Sat Jun 20 16:50:31 MSD 2009
On Sat, Jun 20, 2009 at 04:41:48PM +0400, Igor Sysoev wrote:
> On Sat, Jun 20, 2009 at 03:33:40PM +0300, luben karavelov wrote:
>
> > J??r??me Loyet wrote:
> > >this attack works great on apache but I was unable, yet, to make it
> > >works on nginx (0.8.3).
> > >
> >
> > On nginx it exhuases the available sockets. My setup is nginx-0.7.58
> > with cofig: :
> >
> > worker_processes 4;
> > worker_rlimit_nofile 5000;
> > events {
> > worker_connections 2048;
> > use epoll;
> > }
> >
> >
> > and without the fixes I could DoS the server with:
> > ./slowloris.pl -dns photomoment.bg -timeout 30 -num 10000 -tcpto 5
> >
> > exhausts available sockets and the server stops replying to new requests.
>
> 5000 and 2048 are too small values in modern Internet, I use usually
> about 200,000.
>
> You need to increase
> 1) OS sockets limit,
> 2) OS network memory limits (buffers, etc.)
By buffers I meant not increasing send/receive buffers limits: actually,
you should decrease them. I meant a total number of memory dedicated
to the buffers by kernel.
> 3) OS files limit,
> 4) OS per process files limit (worker_rlimit_nofile),
> 5) and finally, nginx's worker_connections.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list