
Full Disclosure mailing list archives
Re: Apache Killer
From: "-= Glowing Sex =-" <doomxd () gmail com>
Date: Sun, 21 Aug 2011 08:41:57 +1000
Hello,

Maybe some config changes could probably assist in this. Also, you do NOT need to use mod_deflate to deflate packages, there are other alternatives... anti_attack.rb is the same thing but designed with floods in mind.

Here is something, one of many things I think which, if done right, could stop at least memory exhaustion... and this was only a browse at the settings... I did make a conf file... I might test it later, and then I'll post it if it works... but it seems this could at the least be reduced to a lesser problem... although I won't say how I think this could be stopped instantly, here is just part of the mod_deflate manual.. ofc, you must use this and zlib, and, if need be, what's so hard about adding a regexp filter to the code? Like, yes, hand patch it yourself..

I guess this would mean patching in this case must be done immediately, and I watched pastebin go offline thru this, so it is not something I'd 'sit' on and wait for a patch for.. Myself, I'd disable modules, then get down to reading/researching it and the algorithm and methods used by gzip/deflate, and somehow figure out where to put some exception filters.. but that's just me.

Anyhow, if you do not like to read configs, or would like an alternative, try deflate_ddos.rb, a MULTI threaded anti-d0s/deflates packets, using a ruby script and a lot less code. It is public, 'Anti Attack 0.1' would be its name now.
DeflateMemLevel Directive

Description: How much memory should be used by zlib for compression
Syntax: DeflateMemLevel value
Default: DeflateMemLevel 9
Context: server config, virtual host
Status: Extension
Module: mod_deflate

The DeflateMemLevel directive specifies how much memory should be used by zlib for compression (a value between 1 and 9).

DeflateWindowSize Directive

Description: Zlib compression window size
Syntax: DeflateWindowSize value
Default: DeflateWindowSize 15
Context: server config, virtual host
Status: Extension
Module: mod_deflate

The DeflateWindowSize directive specifies the zlib compression window size (a value between 1 and 15). Generally, the higher the window size, the higher can the compression ratio be expected.

Fun! xd

Greetz to kcope :> hehe, always keeping our world of black/hats/whatever/color always on our toes :P
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/