Subject: Re: DoS attack in the wild
From: Weibin Yao (nbub@gmail.com)
Date: Jun 23, 2009 1:08:46 am
List: ru.sysoev.nginx

István at 2009-6-23 15:46 wrote:

I am not able to reproduce this. The server is answering and serving

./slowloris.pl -dns doma.in -port 80 -timeout 2 -num 10000

The load is zero, there is not even a delay in the response time. Would you mind sharing your slowloris.pl command and/or the relevant nginx config, OS type and version, sysctl.conf (or equivalent)?

It would also be nice to know what nginx is doing during that time. Do you have dtrace on that node? Enabling debug-level logging in nginx is a really bad idea if you have 5000 requests...

"But if you have enough attack computers, you also can make a Nginx server deny service."

If you have enough computers you can take down even google.com; this is not relevant to this conversation. Moreover, slowloris is a dedicated tool for low-bandwidth/low-number-of-computers attacks.

I'm sorry for my misunderstanding of your last mail. My meaning is that Nginx has much better performance under such an attack.

In my test case, I reduced worker_connections to only 1024 because I have just one attack computer.

And my test script is: ./slowloris.pl -dns doma.in -port 80 -timeout 30 -num 10000 -tcpto 5 :-P