Grave apache dos possible through byterange requests
Hi,
it is possible to DoS an actual squeeze-apache2 with easy-to-forge range-requests:
http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082299.html
Apache-devs are working on a solution:
But because the situation seems serious, I thought I'd give you a heads-up.
Running this script against a squeeze machine with 8 cores and 24GB RAM, you only need 200 threads to kick it out of memory.
Cheers
Dirk