
Slowloris HTTP DoS - chanux
http://ha.ckers.org/blog/20090617/slowloris-http-dos/
======
moe
This is a truly ancient attack vector and a solved one. It's good that the
kids re-discover these things and keep knowledge alive, but why oh why do they
always have to make it sound like some sort of doomsday breakthrough? I
suspect the twitter disease.

Back in the day when these things were initially discussed (on phrack and the
ilk) there was much less noise in favor of more technical insight. What do we
get here? A pile of FUD based on half-knowledge.

So, I'd say +1 point for effort, -3 points for (lack of) research and
presentation.

A simple search on packetstorm would have revealed that scripts like this were
all the rage _about 10 years ago_ (see octopus.c from 2001 and such).

~~~
wmf
Unfortunately it isn't solved in the default configuration of the #1 Web
server.

~~~
moe
It isn't solved there because it isn't a webserver problem but a general
networking problem. Yes, you could go and add defensive measures to the
listeners of your httpd, smtpd, sshd and all your other services.

The rest of us just use a firewall.

------
nailer
The sensible defaults concept unfortunately is missed by a lot of Unix
communities. Any local user on most Linux OSes can fork bomb the OS out of
existence with about seven characters of bash. Default user limits would solve
the problem (and do on, IIRC, one of the BSDs) but instead the solution is to
read a manual after it breaks rather than ship it working, and allow people to
break it.

