

21 messages in ru.sysoev.nginx: Re: DoS attack in the wild

| From | Sent On | Attachments |
|---|---|---|
| luben karavelov | Jun 19, 2009 11:44 am | |
| luben karavelov | Jun 19, 2009 12:09 pm | |
| Cliff Wells | Jun 19, 2009 12:22 pm | |
| Cliff Wells | Jun 19, 2009 12:30 pm | |
| Cliff Wells | Jun 19, 2009 12:39 pm | |
| Neelesh Gurjar | Jun 19, 2009 1:09 pm | |
| Jérôme Loyet | Jun 19, 2009 1:19 pm | |
| E. Johnson | Jun 19, 2009 1:23 pm | |
| Cliff Wells | Jun 19, 2009 1:51 pm | |
| w3wsrmn | Jun 19, 2009 5:09 pm | |
| Igor Sysoev | Jun 20, 2009 1:53 am | |
| Igor Sysoev | Jun 20, 2009 1:58 am | |
| luben karavelov | Jun 20, 2009 5:33 am | |
| Igor Sysoev | Jun 20, 2009 5:41 am | |
| Igor Sysoev | Jun 20, 2009 5:50 am | |
| Weibin Yao | Jun 22, 2009 3:51 am | |
| István | Jun 22, 2009 5:40 am | |
| Weibin Yao | Jun 22, 2009 7:33 pm | |
| István | Jun 23, 2009 12:46 am | |
| Weibin Yao | Jun 23, 2009 1:08 am | |
| István | Jun 23, 2009 2:22 am |

| Subject: | Re: DoS attack in the wild | |
|---|---|---|
| From: | Cliff Wells (cli...@develix.com) | |
| Date: | Jun 19, 2009 1:51:43 pm | |
| List: | ru.sysoev.nginx | |

On Fri, 2009-06-19 at 16:24 -0400, E. Johnson wrote:
> "Welcome to Slowloris - the low bandwidth, yet greedy and poisonous HTTP client!"

I've already seen that. What I'd like to see is what data the OP extracted from his tests to determine that Nginx is also vulnerable.
Apache and IIS are clearly vulnerable due to their threaded architecture (they consume a relatively large amount of memory with each connection which makes this sort of attack easy). With Nginx this isn't true, so I suspect the correct place to address resource consumption lies in the underlying OS' TCP stack settings rather than in nginx.conf (but of course, I'm willing to stand corrected if the OP's tests showed otherwise).
In short, the attack effectively simulates what would happen if thousands of 1200 baud dialup users simultaneously accessed a website. Nginx should be as close to ideal as you can get for this situation, provided your OS is properly tuned and has enough resources to handle that many concurrent connections.
Cliff

On Fri, Jun 19, 2009 at 4:10 PM, Neelesh Gurjar <neel...@gmail.com> wrote:

Hello,

Can anybody tell me how to test a DoS attack on a webserver, please?

Regards
NeeleshG

On Sat, Jun 20, 2009 at 12:52 AM, Cliff Wells <cli...@develix.com> wrote:

On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> A DoS attack against number of http servers is available and has hit
> slashdot today:
> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>
> Out of the box nginx is also vulnerable (I have tested it on latest 0.7
> installation).

What were the results of your tests? I can see Apache being vulnerable to this, given the amount of resources it requires per connection, but Nginx should be much less susceptible. The only resource I'd expect to see exhausted might be sockets, which can be tuned at the OS level.
Cliff
-- http://www.google.com/search?q=vonage+sucks
-- Regards NeeleshG
LINUX is basically a simple operating system, but you have to be a genius to understand the simplicity
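
The message above argues that the resource at stake is sockets, and that the traffic resembles a crowd of very slow clients. As an added example (not code from the thread or from nginx), the sketch below measures how much of a descriptor budget is held by connections that have not delivered a complete request header, and which sources hold many of them. The `Conn` record, its field names, the thresholds and the sample addresses are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    src: str           # client address
    age: float         # seconds since the connection was accepted
    header_done: bool  # has a complete request header arrived?

def summarize(conns, fd_limit, stall_after=30.0, per_src_max=20):
    """Return (share of the descriptor budget held by stalled connections,
    sorted list of sources holding at least per_src_max of them)."""
    stalled = Counter(c.src for c in conns
                      if not c.header_done and c.age >= stall_after)
    share = sum(stalled.values()) / fd_limit
    flagged = sorted(s for s, n in stalled.items() if n >= per_src_max)
    return share, flagged

def slow_clients():
    """Constructed: 200 slow clients, one connection per address."""
    return [Conn(f"198.51.100.{i + 1}", 10 + i % 50, i % 10 != 0)
            for i in range(200)]

def hoarding_source():
    """Constructed: one address holding 600 connections that never finish a header."""
    return [Conn("203.0.113.7", 120.0, False) for _ in range(600)]

if __name__ == "__main__":
    for label, conns in (("slow clients only", slow_clients()),
                         ("with hoarding source", slow_clients() + hoarding_source())):
        share, flagged = summarize(conns, fd_limit=1024)
        print(f"{label}: {share:.1%} of descriptors stalled, flagged={flagged}")
```

The share figure is worth watching on its own, since it reflects pressure on the descriptor limit regardless of how many addresses the stalled connections come from.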







