Apache attacked by a "slow loris"
Apache attacked by a "slow loris"
Posted Jun 28, 2009 22:05 UTC (Sun) by dlang (guest, #313)In reply to: Apache attacked by a "slow loris" by pphaneuf
Parent article: Apache attacked by a "slow loris"
hopefully this will force the apache team to tackle this issue and seperate the timeouts, but from the article it sounds like they are not responding well.
they are right that the basic attack approach of having a botnet of servers connect to an apache server and tie it up is an old attack that has been possible forever. fixing the timeout issues will not address that, and even after fixing the timeouts the attackers can kill the apache server by making legitimate requests that take time to process, but fixing the timeouts will go a long way towards leveling the playing field again, right now it's tilted heavily in favor of the attackers.
(Log in to post comments)