Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Apache DoS Attack

Re: Apache DoS Attack

Dag-Erling Coidan =?iso-8859-1?Q?Sm=F8rgrav?= (dag-erliIFI.UIO.NO)
Wed, 12 Aug 1998 14:08:07 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Microsoft Security Bulletin (MS98-008)"
Previous message: Kari E. Hurtta: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"
In reply to: Jonathan Freeman: "Re: Apache DoS Attack"
Next in thread: Pim van Riezen: "Re: Apache DoS Attack"

Jonathan Freeman <freemanADHOST.COM> writes:
>     <>    IIS 3.0  (Service Pack 3)
>
>                causes immediate jump to 100% CPU for approx. 5 seconds
>                multiple attacks can keep the CPU in the 90% range
>
>     <>    IIS 4.0  (Service Pack 3)
>
>                causes immediate jump to 80% CPU for approx. a half second
>                multiple attacks DO NOT cause more thank 40% sustained CPU

In other words, they're immune. 80% CPU load for half a second simply
means the server is working hard to quaff the request (or drink from a
firehose, depending on the value passed to sioux with the -n switch ),
but it's not leaking. IIS 3.0 is apparently a bad performer (well, a
worse performer than IIS 4.0, anyway) and takes more time to recover.
Did you run these tests on the same computer (or at least on ident-
ically configured computers)? If not, there is no basis for
comparison.

DES
--
Dag-Erling Smørgrav - dag-erliifi.uio.no

Next message: Aleph One: "Microsoft Security Bulletin (MS98-008)"
Previous message: Kari E. Hurtta: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"
In reply to: Jonathan Freeman: "Re: Apache DoS Attack"
Next in thread: Pim van Riezen: "Re: Apache DoS Attack"