On 01.05.2013 14:09, Marian Marinov wrote:
> On 05/01/2013 03:00 PM, Reindl Harald wrote:
>> and YES making DOS-attacks easier is treated as a security risk by any
>> professional auditor and where I work "threat middle" means
>> "fix it or shut down the customer's project" and the last time I got
>> this was for a protection against Slowloris that was not visible from the view
>> of the security-scanner
>> __________________________________________
>>
>> here you have something to read and learn that more and more attacks
>> are done this way by exhausting resources without high bandwidth and
>> THESE are the real problems server-admins have to fight and not the noise
>> you see on your small site
>>
>> http://www.slashroot.in/slowloris-http-dosdenial-serviceattack-and-prevention
>>
>
> I have to agree that delaying 'malicious' requests is opening the servers to
> DoS attacks and SHOULD NOT be the default!
> This is not a solution to the problem. In fact what we have done was to
> automatically disable the delaying during excessive usage
and keep in mind that a SELF-DOS happens faster than one thinks

* server with, let's say, "MaxClients 150"
* hosting 500 domains on this machine (yes, this is no problem these days)
* now you can start to calculate how many 404 errors in a specific timeframe are likely
* some of the 500 domains are pages with 50 images
* in this HIGHLY LIKELY scenario you want to serve ANY connection as fast as possible

I have seen webservers dying way too often and this starts ALWAYS with load reaching
a peak where all your slots are busy and the amount of client machines which try to
connect does not get lower, and after a specific point of load you have no way to survive

load in the context of a webserver also means connections

* a website with 50 images
* the website URL is mentioned in the daily news on a TV station
* now you have 50000 people who try to open the page more or less at the same time
* this means more than 2.5 Mio requests, you can serve 150 at the same time
* God forbid that 50 of your 150 slots are buried by "slow down the client"
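As an added illustration of the slot arithmetic in the mail above (not code from the thread or from the project): a Little's-law estimate of how many worker slots a "delay the malicious request" policy ties up. Only "MaxClients 150" and the 50000 x 50 burst come from the mail; the request rate, the 20 ms service time, the 5% delayed share and the 2 s delay are constructed assumptions.

```python
"""Worker-slot arithmetic behind the self-DOS argument (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    """Assumed traffic mix; every number here is a constructed assumption."""
    requests_per_second: float  # arrivals across every vhost on the box
    service_seconds: float      # how long a worker normally holds a slot
    delayed_fraction: float     # share of requests hitting the delayed path (e.g. 404s)
    delay_seconds: float        # artificial delay added to those responses


def mean_hold_seconds(w: Workload) -> float:
    """Average time one request occupies a worker slot, delay included."""
    return w.service_seconds + w.delayed_fraction * w.delay_seconds


def busy_slots(w: Workload) -> float:
    """Mean concurrently busy slots by Little's law: L = arrival_rate * hold_time."""
    return w.requests_per_second * mean_hold_seconds(w)


def slots_eaten_by_delay(w: Workload) -> float:
    """Slots that are busy only because of the delay: the self-inflicted cost."""
    return w.requests_per_second * w.delayed_fraction * w.delay_seconds


def saturates(w: Workload, max_clients: int) -> bool:
    """True when mean demand exceeds MaxClients, so new connections queue or fail."""
    return busy_slots(w) > max_clients


def burst_drain_seconds(total_requests: int, max_clients: int, w: Workload) -> float:
    """Lower bound on the time to serve a burst when every slot stays busy."""
    return total_requests / max_clients * mean_hold_seconds(w)


MAX_CLIENTS = 150                              # "MaxClients 150" from the mail
NORMAL = Workload(2000.0, 0.02, 0.0, 0.0)      # no delaying (assumed rate and service time)
DELAYED = Workload(2000.0, 0.02, 0.05, 2.0)    # 5% of requests delayed by 2 s (assumed)
TV_BURST = 50_000 * 50                         # 50k viewers x 50 images = 2.5 Mio requests

if __name__ == "__main__":
    for name, w in (("normal", NORMAL), ("with delay", DELAYED)):
        print(f"{name:>10}: {busy_slots(w):6.1f} busy slots, "
              f"saturates={saturates(w, MAX_CLIENTS)}")
    print(f"TV burst needs >= {burst_drain_seconds(TV_BURST, MAX_CLIENTS, NORMAL):.0f} s "
          f"normally, >= {burst_drain_seconds(TV_BURST, MAX_CLIENTS, DELAYED):.0f} s with delay")
```

With these assumptions the delay alone accounts for 200 of 240 mean busy slots, which is why the same box that idles at 40 slots without the feature overruns MaxClients with it.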