
Apache attacked by a "slow loris"

Posted Jun 28, 2009 20:23 UTC (Sun) by pphaneuf (guest, #23480)
In reply to: Apache attacked by a "slow loris" by michaeljt
Parent article: Apache attacked by a "slow loris"

The scarce resources here are TCP ports and memory. Maybe you can make things more memory efficient, or add memory, but the number of TCP ports is both fixed by TCP itself and inconveniently small.

No matter how you implement it, there's a fixed cap on the number of TCP connections per IP address. You could add IP addresses to a server, but that would be a waste of another precious resource, since during normal usage, most web servers can't handle the maximum number of connections of a single IP.



Apache attacked by a "slow loris"

Posted Jun 28, 2009 21:59 UTC (Sun) by dlang (✭ supporter ✭, #313)

TCP ports don't get used up on servers when you have lots of connections.

The limit is that you cannot duplicate the set (source IP, source port, destination IP, destination port) in about a 2 min period.

When connecting to a server the destination port and destination IP are fixed, so a client can make lots of connections and make it so that no other connections could be made from that source IP, but that doesn't hurt anyone else.

That also isn't the attack that's happening here.
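
The 4-tuple point made in the comment above, as an added example that is not part of the original thread: a loopback listener accepts many simultaneous connections and records each one's (source IP, source port, destination IP, destination port) as seen from the server side. The function names and the connection count are assumptions chosen for illustration.

```python
import socket


def accept_many(n_clients=20):
    """Open n_clients simultaneous loopback connections to one listener.

    Returns the listener's port and the server-side 4-tuples
    (source IP, source port, destination IP, destination port).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(n_clients)
    server_addr = listener.getsockname()

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n_clients):
            # Each client socket gets its own ephemeral source port.
            clients.append(socket.create_connection(server_addr))
            conn, peer = listener.accept()
            accepted.append(conn)
            local = conn.getsockname()  # server end of this connection
            tuples.append((peer[0], peer[1], local[0], local[1]))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_addr[1], tuples


def summarize(tuples):
    """Count how many distinct values each side contributed."""
    return {
        "connections": len(tuples),
        "distinct_4_tuples": len(set(tuples)),
        "server_ports_used": len({t[3] for t in tuples}),
        "client_ports_used": len({t[1] for t in tuples}),
    }


if __name__ == "__main__":
    port, seen = accept_many(20)
    print("listener port:", port)
    print(summarize(seen))
```

Every accepted connection shares the listener's single local port; only the client's source port differs, which is why the per-tuple limit falls on the connecting address rather than on the server.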
