On 19/03/2009 19.47, Stefano Zanero wrote:

> I just didn't agree on the specific example raised by Damiano, as I
> don't see it happening anywhere in a real attack.

Stuart, Stefano, the example is real :)
Once I obfuscate some details, I can provide you the traces. We have also been trying to understand why somebody would do such a stupid "attack" (as Stefano also pointed out, it's only to consume resources, whatever they are). As I said, a few requests per second do not affect the web server performance, but looking at the number of hosts involved, it's clear the attacker can easily raise the bar.

--
Damiano Bolzoni

[email protected]
Homepage http://dies.ewi.utwente.nl/~bolzonid/
PGP public key http://dies.ewi.utwente.nl/~bolzonid/public_key.asc
Skype ID: [email protected]

Distributed and Embedded Security Group - University of Twente
P.O. Box 217 7500AE Enschede, The Netherlands
Phone +31 53 4892477
Mobile +31 629 008724
ZILVERLING building, room 3013

