[7872] in bugtraq
Re: Web servers / possible DOS Attack / mime header flooding
daemon@ATHENA.MIT.EDU (Vanja Hrustic)
Thu Sep 3 16:11:11 1998
Date: Thu, 3 Sep 1998 15:58:55 -0400
Reply-To: Vanja Hrustic <vanja@SIAMRELAY.COM>
From: Vanja Hrustic <vanja@SIAMRELAY.COM>
X-To: Laurent FACQ <facq@U-BORDEAUX.FR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199809031034.MAA03518@krusty.u-bordeaux.fr>
At 12:34 03/09/98 +0200, Laurent FACQ wrote:
># => by sending a crazy amount of 8000 bytes headers, it's possible
># to consume a lot of memory (and of course CPU). The point
># is that httpd daemons grow and STAY at this big size (or die
># if you send too much)
After 2000 headers, 1.3.1 was consuming 93% and stayed there (other
processes were consuming 7%). Script dies after 2800 and Apache goes back
to 0.05%. Couldn't crash it.
Tested on HP-UX 10.20 / Apache 1.3.1.
Vanja Hrustic
Information Systems Manager
Siam Relay Ltd.
http://www.siamrelay.com
vanja@siamrelay.com
Phone: +662-616-8628
Fax : +662-272-6516
