Slashdot Mirror


Attack On a Significant Flaw In Apache Released

Zerimar points out that a significant flaw in Apache, one that can lead to a fairly trivial DoS attack, is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS 6.0, IIS 7.0, and lighttpd are confirmed not vulnerable. As of this writing, the Apache Foundation does not have a patch available. From RSnake's introduction to the attack tool: "In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools."

8 of 203 comments

  1. So slashdot... by santax · Score: 5, Funny

    be prepared to feel the slashdot-effect yourself for once!

  2. What about ... by Anonymous Coward · Score: 2, Funny

    Opera Unite?

  3. Re:Well it's not just Apache by sys.stdout.write · Score: 3, Funny

    I'm just waiting for a "Get The Facts" campaign for "IIS vs Apache" on the Microsoft website, along with a completely accurate comparison chart!

  4. Re:Possible work-around by Bootvis · Score: 5, Funny

    The thing that is really amazing about this hack: Human readable perl!

    --
    Read, refresh, repeat.
  5. Re:Why not IIS? by Opportunist · Score: 4, Funny

    If the vulnerability is based on correct, standards-conformant behaviour of the server, I can see why IIS isn't susceptible to it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re:Possible work-around by Anonymous Coward · Score: 2, Funny

    Sex makes people stupid?

  7. Re:HTTP hints at a solution by greed · Score: 5, Funny

    BTW, is there a self-mod value for "I'm not sure I should have posted that"?

  8. Re:Why not IIS? by Bemopolis · Score: 5, Funny

    Why isn't IIS vulnerable

    My guess is that the DoS attack is so slow that, by the time it would have completed, the server has already crashed for a different reason.

    --
    "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain