Hello, We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl 2.8.10 + openssl 0.9.6b running on Windows 2000. It is a sort of DoS attacks that make our web site totally inaccessible.
One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port, then it is opened to the HTTPS port. Then a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port. Then both connections are closed without waiting for the response from the web server. As a result, the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve the problem? Regards
attack.tcpdump
Description: Binary data
