Re: Apache DoS attack?

Mark Lowes (markl@ftech.net)
Tue, 30 Dec 1997 11:59:55 +0000 (GMT)


On Tue, 30 Dec 1997 11:07:04 +0100, you wrote:

>[excuse me if it has been discovered before]

First I've heard.

>Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
>When launched, causes increases of victim's load average and extreme
>slowdowns of disk operations. On my i586 Linux annoying slowdown has been
>experienced immediately (after maybe 5 seconds). After about 4 minutes
>work has been turned into real hell (286?).

Ok here's an initial patch, I'm sure someone will come up with something
better and more efficient but it works. :)

Mark

--
+--------------------------------------------------------------------+
| Frontier Internet Services Ltd - Disclaimer;                       |
|                                                                    |
| All statements made and agreements come to by means of email are   |
| at all times subject to Frontier's Terms and Conditions of service |
| and product descriptions / sales literature. Representations made  |
| above and beyond those contained there in are not to be relied     |
| upon and are at no time contractually binding.                     |
+--------------------------------------------------------------------+

[Attachment: beck.patch]