* Joe Orton <jor...@redhat.com> [2009-06-24 11:20]:
Meh. There will always be a maximum to the number of concurrent
connections a server can handle - be that hardware, kernel, or server
design. If you allow a single client to establish that number of
connections it will deny service to other clients.
That is all that "slowloris" does, and you will always have to mitigate
that kind of attack at network/router/firewall level. It can be done
today on Linux with a single trivial iptables rule, I'm sure the same is
true of other kernels.
I think you confuse the PoC tool with the fundamental problem. You can't fend
off this kind of attack at TCP level, at least not in cases where the n
connections that block Apache are made by not 1 but n hosts.