[7875] in bugtraq
Re: Web servers / possible DOS Attack / mime header flooding
daemon@ATHENA.MIT.EDU (Rich Wood)
Thu Sep 3 17:24:15 1998
Date: Thu, 3 Sep 1998 21:49:19 +0100
Reply-To: rich@dynamite.org
From: Rich Wood <rich@DYNAMITE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199809031034.MAA03518@krusty.u-bordeaux.fr>
On 3 Sep 98, at 12:34, Laurent FACQ wrote:
> # => by sending a crazy amount of 8000 bytes headers, it's possible
> # to consume a lot of memory (and of course CPU). The point
> # is that httpd daemons grow and STAY at this big size (or die
> # if you send too much)
Tried against apache 1.3.1 on FreeBSD 2.2.6 (DX2-66 16Mb), script hung
after 2500 headers with apache using 30Mb.
Tried against apache 1.3.1 on NT4 (workstation) SP3 (P200 64Mb), after
7500 headers, apache was using 120Mb RAM and the box ground to a halt.
It didn't actually crash apache on either box, but severely reduced the
usefulness of the systems.
Rich
--
Rich Wood
rich@dynamite.org
