 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
21 messages in ru.sysoev.nginxRe: DoS attack in the wild| From | Sent On | Attachments |
|---|---|---|
| luben karavelov | Jun 19, 2009 11:44 am | |
| luben karavelov | Jun 19, 2009 12:09 pm | |
| Cliff Wells | Jun 19, 2009 12:22 pm | |
| Cliff Wells | Jun 19, 2009 12:30 pm | |
| Cliff Wells | Jun 19, 2009 12:39 pm | |
| Neelesh Gurjar | Jun 19, 2009 1:09 pm | |
| Jérôme Loyet | Jun 19, 2009 1:19 pm | |
| E. Johnson | Jun 19, 2009 1:23 pm | |
| Cliff Wells | Jun 19, 2009 1:51 pm | |
| w3wsrmn | Jun 19, 2009 5:09 pm | |
| Igor Sysoev | Jun 20, 2009 1:53 am | |
| Igor Sysoev | Jun 20, 2009 1:58 am | |
| luben karavelov | Jun 20, 2009 5:33 am | |
| Igor Sysoev | Jun 20, 2009 5:41 am | |
| Igor Sysoev | Jun 20, 2009 5:50 am | |
| Weibin Yao | Jun 22, 2009 3:51 am | |
| István | Jun 22, 2009 5:40 am | |
| Weibin Yao | Jun 22, 2009 7:33 pm | |
| István | Jun 23, 2009 12:46 am | |
| Weibin Yao | Jun 23, 2009 1:08 am | |
| István | Jun 23, 2009 2:22 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: DoS attack in the wild | Actions... |
|---|---|---|
| From: | István (lecc...@gmail.com) | |
| Date: | Jun 23, 2009 12:46:12 am | |
| List: | ru.sysoev.nginx | |
I am not able to reproduce this. The server is answering and serving ./slowloris.pl -dns doma.in -port 80 -timeout 2 -num 10000
The load is zero, there is not even a delay in the response time. Would you mind to share your slowloris.pl command and/or the nginx relevant config, OS type and version, sysctl.conf(or equivalent).
It would be also nice to know what the nginx is doing in that time, do you have dtrace on that node? Enable debug level logging in nginx is a really bad idea if you have 5000 requests...
*"But if you have enough attack computers, you also can make a Nginx server deny service."* * * If you have enough computer you can take down even google.com, this is not relevant to this conversation, moreover the slowloris is a dedicated tool to low bandwith/low amount of computers attacks.
Regards, Istvan
On Tue, Jun 23, 2009 at 3:34 AM, Weibin Yao <nbub...@gmail.com> wrote:
István at 2009-6-22 20:40 wrote:
I wasn't able to raise the load above 0,1 with nginx-0.6.32 on freebsd.
What did I wrong if nginx is affected "much stronger"?
Under this attack, Nginx just blocks all the sockets for client_header_timeout seconds, the load is always very low.
In my tests, apache2 stops working when the attack number is above 500. I think maybe apache2 can't fork more processes or threads. But Nginx can survive when the attack number is below woker_processes*worker_connections. It's more difficult to attack Nginx than apache. But if you have enough attack computers, you also can make a Nginx server deny service.
-- Weibin Yao
-- the sun shines for all