[7620] in bugtraq
Re: Apache DoS Attack
daemon@ATHENA.MIT.EDU (Jonathan Freeman)
Tue Aug 11 22:02:50 1998
Date: Tue, 11 Aug 1998 15:02:34 -0700
Reply-To: Jonathan Freeman <freeman@ADHOST.COM>
From: Jonathan Freeman <freeman@ADHOST.COM>
To: BUGTRAQ@NETSPACE.ORG
We just tested the Sioux (Apache DoS) bug on:
<> IIS 3.0 (Service Pack 3)
causes immediate jump to 100% CPU for approx. 5 seconds
multiple attacks can keep the CPU in the 90% range
<> IIS 4.0 (Service Pack 3)
causes immediate jump to 80% CPU for approx. a half second
multiple attacks DO NOT cause more thank 40% sustained CPU
range
<> Apache 1.1.1 (Unix) (Caldera OpenLinux)
causes jump to 66% CPU for each get request and attempts
to use all available swap space for memory. Can be DoS'd
easily.
<> WebSitePro 2.3.4 (Service Pack 3)
causes immediate jump to 99% CPU for approx. 5 seconds
unknown if DoS would be possible for multiple attacks
Regards,
Jonathan Freeman
-----Original Message-----
From: Jamie Orzechowski <mhz@RECORDER.CA>
To: BUGTRAQ@netspace.org <BUGTRAQ@netspace.org>
Date: Tuesday, August 11, 1998 1:39 PM
Subject: Apache DoS Attack
>I tried the sioux bug on Website c2.3 for NT and I noticed in the processes
>that the CPU jumped upto 99% ... any ideas?
