Dealing with Layer 7 DDoS attacks (RUDY, Slowloris, etc)

Joe frumentius at gmail.com
Mon Jul 25 17:40:16 UTC 2011


Please put more review for RUDY.
Sounds interesting.
Is there any way to avoid web form attack?

Thank You.


Regards,
Joe


On Tue, Jul 26, 2011 at 12:21 AM, Mel Brands <bighype at gmail.com> wrote:

> Rami,
>
> Right, nginx does seem to handle SlowLoris attack better than most web
> servers. However, there's an Apache 2 patch that mitigates SlowLoris really
> well (you can find it with a quick search). I don't know if nginx is on the
> same level as Apache2+patch.
>
> However, I have no idea how well nginx can sustain under a small/moderate
> RUDY attack. RUDY is one of the newer attacks that's gained a lot of
> popularity in recent months.
>
> Mel
>
>
> On Mon, Jul 25, 2011 at 1:15 PM, Rami Essaid <rami.essaid at gmail.com> wrote:
>
>> Reading that article it says:
>> "So… nginx is a good web server, use it! ;)"
>>
>> Their conclusion was that nginx handles that type of attack very well and
>> you would need a DDoS attack (and a large one at that) to bring down a
>> single nginx server.  Are there other examples of attacks that you have
>> found that nginx is susceptible to?  I have not heard of any
>> specific vulnerabilities of nginx that are not common to any other webserver
>> like simple bandwidth flooding.
>>
>> Rami
>>
>>
>> On Mon, Jul 25, 2011 at 1:09 PM, Mel Brands <bighype at gmail.com> wrote:
>>
>>> Hi guys,
>>>
>>> I am curious as to how nginx deals with DDoS attacks that attack
>>> through app layer, layer 7. I managed to find this page:
>>>
>>> http://blog.rayfoo.info/2009/10/testing-slowloris-against-nginx
>>>
>>> which claims that nginx is susceptible to the attack. Since this is
>>> from 2009, has anything changed?
>>>
>>> Also, has anyone tested nginx vs R-U-DEAD-YET (RUDY)? I haven't found
>>> any tests online...
>>>
>>> http://code.google.com/p/r-u-dead-yet/
>>>
>>> I ask because these types of attacks are becoming extremely common and
>>> hacktivist groups are using these simple tools to bring down all kinds
>>> of large sites.
>>>
>>> Thanks for any insight,
>>>
>>> Mel
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>>
>> --
>> Cheers,
>> Rami
>>
>>
>