[7684] in bugtraq


Re: YA Apache DoS attack

daemon@ATHENA.MIT.EDU (Marc Slemko)
Sun Aug 16 15:51:00 1998

Date: 	Sat, 15 Aug 1998 21:10:52 -0700
Reply-To: Marc Slemko <marcs@ZNEP.COM>
From: Marc Slemko <marcs@ZNEP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <35D63E5E.A961C9C2@webfx.ca>

On Sat, 15 Aug 1998, Scott Burke wrote:

> Kovacs Andrei wrote:
>
> > On Fri, 7 Aug 1998, Dag-Erling Coidan Smørgrav wrote:
> >
> >         Today when I was looking at the Apache 1.3.1 help files I've
> > found a parameter that might stop this: "RLimitMem". I guess this
> > should make Apache use only the amount of memory that you want to.
> >
> >         Andy
>
>    That will limit the amount of memory consumed by Apache itself, which
> will save your whole system from being DoS'd, but the server itself will
> still be able to be DoS'd. That merely compartmentalizes the damage :)

No, this will not do anything against this attack.

The RLimit* directives only impact the amount of memory used by other
processes (e.g. CGIs) that Apache spawns.

As I originally posted, if you want to prevent Apache from eating memory
simply set the appropriate ulimit before starting Apache.

It isn't a denial of service attack if there is no denial of service.  If
you have the appropriate ulimits, then on many machines a single attack
will not deny any service.  Then it becomes a game of sending multiple
ones at the same time, etc.
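
Added example, not part of the original message or of Apache's own scripts: a launch wrapper that sets the ulimit in the shell that starts the server, so the server process itself inherits the cap. The choice of `ulimit -v`, the 262144 KB figure, the function names and the httpd path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: apply a memory ulimit in the launching shell so the
# daemon itself (not only the processes it spawns) inherits the limit.

# run_limited KBYTES CMD [ARGS...]
# Runs CMD with its virtual address space capped at KBYTES (ulimit -v).
# The limit is set inside a subshell, so the calling shell keeps its own
# limits; exec replaces the subshell, so CMD is the limited process.
run_limited() {
    kb=$1
    shift
    (
        ulimit -v "$kb" || exit 125   # refuse to start without the limit
        exec "$@"
    )
}

# child_limit KBYTES
# Prints the address-space limit that a child started through
# run_limited actually sees. Use it as a pre-flight check that the
# limit is inherited before relying on the wrapper in an init script.
child_limit() {
    run_limited "$1" sh -c 'ulimit -v'
}

# Example use (path and size are assumptions, adjust to the installation):
#   run_limited 262144 /usr/local/apache/bin/httpd
```

Because the limit is per process, size it for one server child rather than for the whole pool, and lower the maximum number of children separately if total memory is the concern.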
