farking
10-04-03, 12:37 PM
Exploit released pd 8 April 2003
ok..patch your server..hehee...this is d0s attack alike exploit that will eat your system consume resource and will disable you apache..hehehe.... It should cleanly compile kat Win32, dan mana2 POSIX compliant dan menawarkan antaramuka BSD soket. Tapi kalo nak compile kat UNIX kena tuka header dah bole jln ni...
:P
sedikit info
In a few minutes, my Apache used some 390 MB of
memory when tested. The statement that only 80 bytes is lost per newline
understates the issue in my opinion. If we multiply:
2 newlines: 160 bytes
4 newlines: 320 bytes
8 newlines: 640 bytes
16 newlines: 1280 bytes
32 newlines: 2560 bytes
64 newlines: 5120 bytes
128 newlines: 10240 bytes
256 newlines: 20480 bytes
512 newlines: 40960 bytes
1024 newlines: 81920 bytes
Worse, Apache doesn't require any form to the request what-so-ever, so 1 KB
of 0x0A's is just as good as a well-formed request. Let's continue:
2 KB: 163840 bytes
4 KB: 655360 bytes
8 KB: 1310720 bytes
16 KB: 2621440 bytes
That's nearly 2 MB leaked in response to 16 KB. And, this is just baseline
figures of the actual leak itself, and doesn't take into account various
other factors, including:
* Other use of memory by Apache
* The resources associated with the web session
:
:
It sends the data (which is patterns of "\r\n") in "chunks". It sends a
pre-specified number of character sequences, and then checks the interrupt
flag for a request to terminate. Deployed on a high-bandwidth connection
(or a low-bandwidth connection with a lot of time to spare), Apache is
disabled within seconds
:
:
Obviously, a
machine with a 16 MB RAM and a 512 MB hard drive is going to run out of
resources incredibly faster than a machine with 512 MB RAM and a 100 GB
hard drive is. Also, "between two and seven megabytes of traffic exchange"
is very possible with a DDoSnet of some kind. With 10 connections at 1
mbps each (for a combined speed of 10 mbps), approximately 1,750,000 bytes
(1.25 MB) is exchanged each second. This same speed is reached by the full
upload rates of many LAN-based providers (schools, for instance). Further,
a single cable modem has a link rate of 10 mbps, held down only by ISP
capping.
In the situation of such a network (or, a single uncapped cable modem), the
entire traffic exchange rate is hit within one second.
so take your gun son... :P
ok..patch your server..hehee...this is d0s attack alike exploit that will eat your system consume resource and will disable you apache..hehehe.... It should cleanly compile kat Win32, dan mana2 POSIX compliant dan menawarkan antaramuka BSD soket. Tapi kalo nak compile kat UNIX kena tuka header dah bole jln ni...
:P
sedikit info
In a few minutes, my Apache used some 390 MB of
memory when tested. The statement that only 80 bytes is lost per newline
understates the issue in my opinion. If we multiply:
2 newlines: 160 bytes
4 newlines: 320 bytes
8 newlines: 640 bytes
16 newlines: 1280 bytes
32 newlines: 2560 bytes
64 newlines: 5120 bytes
128 newlines: 10240 bytes
256 newlines: 20480 bytes
512 newlines: 40960 bytes
1024 newlines: 81920 bytes
Worse, Apache doesn't require any form to the request what-so-ever, so 1 KB
of 0x0A's is just as good as a well-formed request. Let's continue:
2 KB: 163840 bytes
4 KB: 655360 bytes
8 KB: 1310720 bytes
16 KB: 2621440 bytes
That's nearly 2 MB leaked in response to 16 KB. And, this is just baseline
figures of the actual leak itself, and doesn't take into account various
other factors, including:
* Other use of memory by Apache
* The resources associated with the web session
:
:
It sends the data (which is patterns of "\r\n") in "chunks". It sends a
pre-specified number of character sequences, and then checks the interrupt
flag for a request to terminate. Deployed on a high-bandwidth connection
(or a low-bandwidth connection with a lot of time to spare), Apache is
disabled within seconds
:
:
Obviously, a
machine with a 16 MB RAM and a 512 MB hard drive is going to run out of
resources incredibly faster than a machine with 512 MB RAM and a 100 GB
hard drive is. Also, "between two and seven megabytes of traffic exchange"
is very possible with a DDoSnet of some kind. With 10 connections at 1
mbps each (for a combined speed of 10 mbps), approximately 1,750,000 bytes
(1.25 MB) is exchanged each second. This same speed is reached by the full
upload rates of many LAN-based providers (schools, for instance). Further,
a single cable modem has a link rate of 10 mbps, held down only by ISP
capping.
In the situation of such a network (or, a single uncapped cable modem), the
entire traffic exchange rate is hit within one second.
so take your gun son... :P