LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-19-2009, 09:51 AM   #1
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,230
Blog Entries: 5

Rep: Reputation: 185
Apache / Squid - DoS attack tool in the wild..


http://isc.sans.org/diary.html?storyid=6601

Quote:
Originally Posted by slashdot
a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available
Quote:
Originally Posted by Tool authors blog
In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools.

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they'll allow


Thought I'd mention this since there is currently no fix...
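
An added example (not part of the original post or the quoted blog): a server-side model of why the behaviour quoted above defeats an idle timer that resets on every received chunk, while an absolute deadline for the request head bounds how long a worker is held, followed by a per-source count of stuck connections. The timings, addresses, thresholds and function names are constructed for illustration.

```python
# Added example: models the server side only; all traffic below is constructed.
from collections import Counter

END_OF_HEAD = b"\r\n\r\n"

def worker_hold_time(chunks, idle_timeout, head_deadline=None, horizon=600.0):
    """Seconds one connection occupies a worker while the request head is read.

    chunks: [(arrival_time_s, bytes), ...] measured from accept(), time-sorted.
    idle_timeout: close after this much silence (resets on every chunk).
    head_deadline: close if the head is incomplete at this absolute time.
    horizon: end of the observation window.
    """
    buf, last = b"", 0.0
    limit = horizon if head_deadline is None else min(horizon, head_deadline)
    for t, data in chunks:
        if t - last > idle_timeout:      # silence exceeded the idle timer
            return min(last + idle_timeout, limit)
        if t >= limit:                   # absolute deadline reached first
            return limit
        buf, last = buf + data, t
        if END_OF_HEAD in buf:           # head complete, request is dispatched
            return t
    return min(last + idle_timeout, limit)

def slow_head_sources(conns, max_head_age, min_conns):
    """Sources holding >= min_conns connections whose request head is still
    incomplete max_head_age seconds after accept().
    conns: [(src_ip, age_s, head_complete), ...]"""
    stuck = Counter(ip for ip, age, done in conns
                    if not done and age > max_head_age)
    return sorted(ip for ip, n in stuck.items() if n >= min_conns)

# Constructed timelines: a normal client, and one that never finishes the head
# but delivers another header line every 10 s.
NORMAL = [(0.05, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")]
SLOW = [(0.1, b"GET / HTTP/1.1\r\nHost: example.test\r\n")] + \
       [(10.0 * i, b"X-a: b\r\n") for i in range(1, 60)]

# Constructed snapshot of open connections (documentation address ranges).
SNAPSHOT = [("192.0.2.10", 0.2, True), ("192.0.2.11", 3.0, False)] + \
           [("198.51.100.7", 45.0 + i, False) for i in range(40)]

if __name__ == "__main__":
    print("idle timer only :", worker_hold_time(SLOW, idle_timeout=15))
    print("20 s head limit :", worker_hold_time(SLOW, 15, head_deadline=20))
    print("normal request  :", worker_hold_time(NORMAL, 15, head_deadline=20))
    print("flagged sources :", slow_head_sources(SNAPSHOT, 30, 20))
```

With only the 15-second idle timer the slow connection holds its worker for the whole 600-second window; with a 20-second head deadline it is released at 20 seconds, and the normal request is unaffected.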
 
Old 06-19-2009, 11:22 AM   #2
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, FreeBSD, OpenBSD, Mac OS X , Backtrack, Ubuntu on a Dell Mini 9
Posts: 780
Blog Entries: 8

Rep: Reputation: 155
Quote:
Originally Posted by farslayer
http://isc.sans.org/diary.html?storyid=6601


Thought I'd mention this since there is currently no fix...
Posted here yesterday ---> http://isc.sans.org/diary.html?storyid=6601
 
Old 06-19-2009, 01:43 PM   #3
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,230
Blog Entries: 5

Original Poster
Rep: Reputation: 185
Quote:
Originally Posted by unixfool
Agreed, same link I started my original post with..

I wanted to post a witty repartee to your post.. but I completely and utterly failed to come up with anything worthy..
 
Old 06-19-2009, 07:47 PM   #4
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 367
Thanks. I'll sticky this for a few days.
 
Old 06-20-2009, 11:28 AM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, FreeBSD, OpenBSD, Mac OS X , Backtrack, Ubuntu on a Dell Mini 9
Posts: 780
Blog Entries: 8

Rep: Reputation: 155
My bad...thought the link was at Slashdot.
 
Old 06-21-2009, 12:26 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Debian, FreeBSD
Posts: 3,755
Blog Entries: 5

Rep: Reputation: Disabled
Apache's reply on El Reg:

http://www.theregister.co.uk/2009/06...ache_dos_flaw/

Quote:
Update

Apache has responded with a comment to this story: "This is not new, and a trawl through Apache mailinglists will find a few mentions of it over the years. For example, the Event MPM effectively nullifies this attack, and was first included in a production release of Apache in 2005."
 
  

