Re: YA Apache DoS attack

[marcs () ZNEP COM (Marc Slemko)]

On Sat, 15 Aug 1998, Scott Burke wrote:

> Kovacs Andrei wrote:
>
> > On Fri, 7 Aug 1998, Dag-Erling Coidan [ISO-8859-1] Smørgrav wrote:
> >
> >         Today when I was looking at the Apache 1.3.1 help files i've
> > found a
> > parameter that might stop this: "RLimitMem". I guess this should make
> > Apache
> > use only the amount of memory that you want to.
> >
> >         Andy
>
>    That will limit the amount of memory consumed by Apache itself, which
> will
> save your whole system from being DoS'd, but the server itself will
> still be
> able to be DoS'd. That merely compartmentalizes the damage :)

No, this will not do anything against this attack.

The RLimit* directives only impact the amount of memory used by other
processes (eg. CGIs) that Apache spawns.

As I originally posted, if you want to prevent Apache from eating memory
simply set the appropriate ulimit before starting Apache.

It isn't a denial of service attack if there is no denial of service.  If
you have the appropriate ulimits, then on many machine a single attack
will not deny any service.  Then it becomes a game of sending multiple
ones at the same time, etc.