DoS attack in the wild
Weibin Yao
nbubingo at gmail.com
Tue Jun 23 12:09:09 MSD 2009
István at 2009-6-23 15:46 wrote:
> I am not able to reproduce this. The server is answering and serving
>
> ./slowloris.pl -dns doma.in <http://doma.in> -port 80 -timeout 2 -num
> 10000
>
> The load is zero, there is not even a delay in the response time.
> Would you mind to share your slowloris.pl command and/or the nginx
> relevant config, OS type and version, sysctl.conf(or equivalent).
>
> It would be also nice to know what the nginx is doing in that time, do
> you have dtrace on that node? Enable debug level logging in nginx is a
> really bad idea if you have 5000 requests...
>
> /"But if you have enough attack computers, you also can make a Nginx
> server deny service."/
> /
> /
> If you have enough computer you can take down even google.com
> <http://google.com>, this is not relevant to this conversation,
> moreover the slowloris is a dedicated tool to low bandwith/low amount
> of computers attacks.
>
I'm sorry for my misunderstanding with your last mail. My meaning is
that Nginx has much better performance under such attack.
In my test case, I reduce the worker_connections to only 1024 because I
just have one attack computer.
And my test script is:
./slowloris.pl -dns doma.in <http://doma.in> -port 80 -timeout 30 -num
10000 -tcpto 5
:-P
--
Weibin Yao
More information about the nginx
mailing list