On Sat, 15 Aug 1998, Scott Burke wrote: > Kovacs Andrei wrote: > > > On Fri, 7 Aug 1998, Dag-Erling Coidan [ISO-8859-1] Smørgrav wrote: > > > > Today when I was looking at the Apache 1.3.1 help files i've > > found a > > parameter that might stop this: "RLimitMem". I guess this should make > > Apache > > use only the amount of memory that you want to. > > > > Andy > > That will limit the amount of memory consumed by Apache itself, which > will > save your whole system from being DoS'd, but the server itself will > still be > able to be DoS'd. That merely compartmentalizes the damage :) No, this will not do anything against this attack. The RLimit* directives only impact the amount of memory used by other processes (eg. CGIs) that Apache spawns. As I originally posted, if you want to prevent Apache from eating memory simply set the appropriate ulimit before starting Apache. It isn't a denial of service attack if there is no denial of service. If you have the appropriate ulimits, then on many machine a single attack will not deny any service. Then it becomes a game of sending multiple ones at the same time, etc.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:48 PDT