Bugtraq mailing list archives

Re: Apache DoS Attack

From: freeman () ADHOST COM (Jonathan Freeman)
Date: Tue, 11 Aug 1998 15:02:34 -0700


We just tested the Sioux (Apache DoS) bug on:

    <>    IIS 3.0  (Service Pack 3)

               causes immediate jump to 100% CPU for approx. 5 seconds
               multiple attacks can keep the CPU in the 90% range

    <>    IIS 4.0  (Service Pack 3)

               causes immediate jump to 80% CPU for approx. a half second
               multiple attacks DO NOT cause more thank 40% sustained CPU
range

    <>    Apache 1.1.1 (Unix)  (Caldera OpenLinux)

               causes jump to 66% CPU for each get request and attempts
               to use all available swap space for memory.  Can be DoS'd
easily.

    <>     WebSitePro 2.3.4  (Service Pack 3)

               causes immediate jump to 99% CPU for approx. 5 seconds
               unknown if DoS would be possible for multiple attacks


Regards,

Jonathan Freeman

-----Original Message-----
From: Jamie Orzechowski <mhz () RECORDER CA>
To: BUGTRAQ () netspace org <BUGTRAQ () netspace org>
Date: Tuesday, August 11, 1998 1:39 PM
Subject: Apache DoS Attack

I tried the sioux bug on Website c2.3 for NT and I noticed in the processes
that the CPU jumped upto 99% ... any ideas?

Current thread:

Apache DoS Attack Jamie Orzechowski (Aug 10)
- <Possible follow-ups>
- Re: Apache DoS Attack Jonathan Freeman (Aug 11)
- Re: Apache DoS Attack Pim van Riezen (Aug 11)
  - Re: Apache DoS Attack Dean Gaudet (Aug 12)
- Re: Apache DoS Attack Paul Leach (Aug 12)