Bugtraq mailing list archives
Re: Apache DoS attack?
From: markl () ftech net (Mark Lowes)
Date: Tue, 30 Dec 1997 11:59:55 GMT
On Tue, 30 Dec 1997 11:07:04 +0100, you wrote:
> [excuse me if it has been discovered before]
First I've heard.
> Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4). When launched, causes increases of victim's load average and extreme slowdowns of disk operations. On my i586 Linux annoying slowdown has been experienced immediately (after maybe 5 seconds). After about 4 minutes work has been turned into real hell (286?).
Ok here's an initial patch, I'm sure someone will come up with something better and more efficient but it works. :)

Mark
--
Frontier Internet Services Ltd - Disclaimer;
All statements made and agreements come to by means of email are at all times subject to Frontier's Terms and Conditions of service and product descriptions / sales literature. Representations made above and beyond those contained therein are not to be relied upon and are at no time contractually binding.

[Attachment: beck.patch]