[7635] in bugtraq
Re: Apache DoS Attack
daemon@ATHENA.MIT.EDU (Dag-Erling Coidan =?iso-8859-1?Q?S)
Wed Aug 12 17:18:18 1998
Date: Wed, 12 Aug 1998 14:08:07 +0200
Reply-To: Dag-Erling Coidan =?iso-8859-1?Q?Sm=F8rgrav?= <dag-erli@IFI.UIO.NO>
From: Dag-Erling Coidan =?iso-8859-1?Q?Sm=F8rgrav?= <dag-erli@IFI.UIO.NO>
X-To: Jonathan Freeman <freeman@ADHOST.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Jonathan Freeman's message of "Tue, 11 Aug 1998 15:02:34 -0700"
Jonathan Freeman <freeman@ADHOST.COM> writes:
> <> IIS 3.0 (Service Pack 3)
>
> causes immediate jump to 100% CPU for approx. 5 second=
s
> multiple attacks can keep the CPU in the 90% range
>
> <> IIS 4.0 (Service Pack 3)
>
> causes immediate jump to 80% CPU for approx. a half se=
cond
> multiple attacks DO NOT cause more thank 40% sustained=
CPU
In other words, they're immune. 80% CPU load for half a second simply
means the server is working hard to quaff the request (or drink from a
firehose, depending on the value passed to sioux with the -n switch ),
but it's not leaking. IIS 3.0 is apparently a bad performer (well, a
worse performer than IIS 4.0, anyway) and takes more time to recover.
Did you run these tests on the same computer (or at least on ident-
ically configured computers)? If not, there is no basis for
comparison.
DES
--
Dag-Erling Sm=F8rgrav - dag-erli@ifi.uio.no
