| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 21 Aug 2011 08:41:57 +1000
From: "-= Glowing Sex =-" <doomxd@...il.com>
To: Jari Fredriksson <jarif@....fi>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache Killer
Hello,
Doesnt maybe some config changes could probably assist in this. also you
do NOT need to use mod-deflate, to deflate packages, there is other
alternatives... anti_attack.rb is same thing but, designed for floods in
mind, here is something, one of many things i think wich if done right,
could stop atleast, memory exhaustion... and this was only a browse at the
settings... i did make a conf file... i might test it later, and then ill
post it if it works... but seems this could at the least be reduced to a
lesser problem... altho, i wont say how i think this could be stopped
instantly but, here is just part of mod_deflate manual.. ofc, you must use
this and zlib, and, if need be, whats so hard to add a regexp filter to the
code ? like, yes, hand patch it yourself..
I guess this would mean, patching n this case must be done immediately and i
watched pastebin go offline thru this, so it is not something id 'sit' on
and wait for a patch for.. myself, id disable modules, then get down to
reading/researching it and, the algorithm and methods used by
gzip/deflate,and somehow figure out where to put some exception filters..
but thats just me.
Anyhow, if you do not like to read configs, or would like an alternative,
try deflate_ddos.rb , a MULTI threaded anti-d0s/deflates pakcets, using ruby
script and, alot less code. - it is public, 'Anti Attack 0.1' would be its
name now.
DeflateMemLevel Directive
Description:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Description>How
much memory should be used by zlib for compression
Syntax:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Syntax>DeflateMemLevel
value Default:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Default>DeflateMemLevel
9 Context:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context>server
config, virtual host
Status:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Status>
Extension Module:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Module>
mod_deflate
The DeflateMemLevel directive specifies how much memory should be used by
zlib for compression (a value between 1 and 9).
DeflateWindowSize Directive
Description:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Description>Zlib
compression window size
Syntax:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Syntax>DeflateWindowSize
value Default:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Default>DeflateWindowSize
15 Context:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context>server
config, virtual host
Status:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Status>
Extension Module:<http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Module>
mod_deflate
The DeflateWindowSize directive specifies the zlib compression window size
(a value between 1 and 15). Generally, the higher the window size, the
higher can the compression ratio be expected.
Fun!
xd
Greetz to kcope :> hehe, always keeping our world of
black/hats/whatever/color always on our toes :P
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists