btw, the patch:
http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/server/core_filters.c?rev=154200&view=diff&r1=154200&r2=154199&p1=httpd/httpd/trunk/server/core_filters.c&p2=/httpd/httpd/trunk/server/core_filters.c was already in my copy of beta 2-1.3 apache .. so that wasn't it. the incredibly rapid memory usage increase under sustained load is something else. My guess, something to do with many timed out connections per second, that does not show up under normal load. I would imagine this particular DDOS designer knows of this issue which is one of the reasons the attack was like that.
