Message-ID: <CALCvwp6_o-k1ki935W7kd0juSJifAjCyiFwu17boSe4APyHKEg@mail.gmail.com>
Date: Sun, 21 Aug 2011 08:41:57 +1000
From: "-= Glowing Sex =-" <doomxd@...il.com>
To: Jari Fredriksson <jarif@....fi>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache Killer

Hello,
    Doesn't it seem that some config changes could probably assist in this? Also, you
do NOT need to use mod_deflate to deflate packages; there are other
alternatives... anti_attack.rb is the same thing but designed with floods in
mind. Here is something, one of many things I think which, if done right,
could stop at least memory exhaustion... and this was only a browse at the
settings... I did make a conf file... I might test it later, and then I'll
post it if it works... but it seems this could at the least be reduced to a
lesser problem... although I won't say how I think this could be stopped
instantly, here is just part of the mod_deflate manual.. of course, you must use
this and zlib, and, if need be, what's so hard about adding a regexp filter to the
code? Like, yes, hand patch it yourself..

I guess this would mean patching in this case must be done immediately, and I
watched pastebin go offline through this, so it is not something I'd 'sit' on
and wait for a patch for.. myself, I'd disable modules, then get down to
reading/researching it and the algorithm and methods used by
gzip/deflate, and somehow figure out where to put some exception filters..
but that's just me.
Anyhow, if you do not like to read configs, or would like an alternative,
try deflate_ddos.rb, a MULTI threaded anti-DoS/deflate packets tool, using a ruby
script and a lot less code. - it is public; 'Anti Attack 0.1' would be its
name now.

DeflateMemLevel Directive
Description: How much memory should be used by zlib for compression
Syntax: DeflateMemLevel value
Default: DeflateMemLevel 9
Context: server config, virtual host
Status: Extension
Module: mod_deflate

The DeflateMemLevel directive specifies how much memory should be used by
zlib for compression (a value between 1 and 9).


DeflateWindowSize Directive
Description: Zlib compression window size
Syntax: DeflateWindowSize value
Default: DeflateWindowSize 15
Context: server config, virtual host
Status: Extension
Module: mod_deflate

The DeflateWindowSize directive specifies the zlib compression window size
(a value between 1 and 15). Generally, the higher the window size, the
higher the compression ratio can be expected to be.


Fun!

xd

Greetz to kcope :> hehe, always keeping our world of
black/hats/whatever/color on our toes :P
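The post above argues that the two mod_deflate directives it quotes trade memory for compression ratio. The following script is an added example, not code from the poster or from the Apache project: it reads DeflateMemLevel / DeflateWindowSize from httpd.conf-style text, estimates per-stream zlib memory with the formula documented in zlib's zconf.h (assuming, as mod_deflate does, that the directive values are passed straight through as zlib's windowBits and memLevel), and compresses a constructed sample to show what a smaller window costs in ratio.

```python
import random
import re
import zlib

# Defaults and legal ranges as given in the mod_deflate manual excerpt above.
DEFAULTS = {"DeflateMemLevel": 9, "DeflateWindowSize": 15}
LIMITS = {"DeflateMemLevel": (1, 9), "DeflateWindowSize": (1, 15)}
DIRECTIVE_RE = re.compile(r"\s*(DeflateMemLevel|DeflateWindowSize)\s+(\d+)\s*$")


def parse_deflate_directives(conf_text):
    """Read the two directives from httpd.conf-style text; unset ones keep
    their documented default, out-of-range values are rejected."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        lo, hi = LIMITS[name]
        if not lo <= value <= hi:
            raise ValueError(f"{name} {value} is outside {lo}..{hi}")
        settings[name] = value
    return settings


def deflate_stream_bytes(settings):
    """Per-stream zlib working memory from zlib's zconf.h:
    (1 << (windowBits+2)) + (1 << (memLevel+9)) bytes, not counting the few
    KB of small objects. Assumes DeflateWindowSize -> windowBits and
    DeflateMemLevel -> memLevel, which is how mod_deflate calls deflateInit2."""
    return (1 << (settings["DeflateWindowSize"] + 2)) + (1 << (settings["DeflateMemLevel"] + 9))


def compressed_size(data, settings):
    """Compress with the configured window/memLevel and return the output size."""
    # zlib's deflateInit2 only accepts windowBits 8..15 (and promotes 8 to 9),
    # so smaller configured values are clamped to 9 for this demo.
    wbits = max(9, settings["DeflateWindowSize"])
    c = zlib.compressobj(6, zlib.DEFLATED, wbits, settings["DeflateMemLevel"])
    out = c.compress(data) + c.flush()
    if zlib.decompress(out) != data:
        raise RuntimeError("round trip failed")
    return len(out)


# Constructed sample: a 1000-byte pseudo-random block repeated 20 times; the
# repeats only compress when the window can reach back 1000 bytes or more.
_rng = random.Random(1234)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(1000)) * 20

if __name__ == "__main__":
    for conf in ("", "DeflateWindowSize 9\nDeflateMemLevel 1\n"):
        s = parse_deflate_directives(conf)
        print(s, deflate_stream_bytes(s), "bytes/stream;", compressed_size(SAMPLE, s), "bytes out")
```

Multiply the per-stream figure by the number of concurrently compressing connections to see what the default settings let a flood of compressible responses pin in memory.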


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
