LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-29-2013, 08:47 AM   #1
smithy2010
Member
 
Registered: May 2010
Location: UK
Distribution: Fedora 20 64 bit
Posts: 43

Rep: Reputation: 15
Smile Apache - HTTP Server Prone To Slow Denial Of Service Attack


Hello all,

Can anyone advice on how to fix “HTTP Server Prone To Slow Denial Of Service Attack”, CVE-2009-5111, http://nvd.nist.gov/.

I’ve done all that Apache recommended in http://httpd.apache.org/docs/trunk/m...eqtimeout.html, but still no joy.


Thank you in advance

Smithy

Last edited by smithy2010; 05-29-2013 at 10:56 AM.
 
Old 05-29-2013, 01:46 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,678
Blog Entries: 54

Rep: Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954Reputation: 2954
Quote:
Originally Posted by smithy2010 View Post
no joy.
That isn't the type of response anyone can do anything with. Better (technical, clear, efficient, methodical) would have been to say something like "My Apache version is N, I've used setting X, tested with tool Y and the outcome was Z".


Quote:
Originally Posted by smithy2010 View Post
Can anyone advice on how to fix “HTTP Server Prone To Slow Denial Of Service Attack”, CVE-2009-5111, http://nvd.nist.gov/.
Realize that mod_reqtimeout is an application layer measure (and using mod_qoS and mod_security are also mentioned BTW) and while that isn't bad you also want to check traffic at the lower network layer. Warding things off lower in the network stack, before it reaches the application, requires less resources and is therefore safer and more efficient. Next to the iptables "recent" module shown in http://www.cert.org/blogs/certcc/200...webserver.html there's also the "connlimit" and "hashlimit" modules, each with their own pros and cons, that may address the explanations in that web log post and http://en.wikipedia.org/wiki/Slowlor...owloris_attack (limiting number of connections). Limiting the minimum transfer speed as suggested could be done with the "connrate" module (negate). Apart from that, excluding putting hardware in front of the web server, it's also suggested elsewhere to use Lighttpd or Nginx (in front of it as reverse proxy?), the reason being they use the more resilient asynchronous I/O model.
 
Old 05-30-2013, 05:02 AM   #3
smithy2010
Member
 
Registered: May 2010
Location: UK
Distribution: Fedora 20 64 bit
Posts: 43

Original Poster
Rep: Reputation: 15
Thank you for your reply.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
denial of service attack.....pls kmoney82 Linux - Newbie 1 08-30-2012 12:39 PM
Faillog- Denial of Service Attack Possible? dman777 Linux - Security 3 09-04-2011 08:23 AM
Lighttpd: Slow HTTP POST Attack hydraMax Linux - Server 3 02-04-2011 11:48 AM
how does mktemp prevent denial-of-service attack seaker79 Linux - Security 1 04-22-2010 07:56 AM


All times are GMT -5. The time now is 06:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration