Hello, We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl 2.8.12 + openssl 0.9.6g running on Windows 2000. It is a sort of DoS attack that makes our web site totally inaccessible.
One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port and a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port (probably with an intention to produce a crash described in http://www.cert.org/advisories/CA-2002-27.html or just to determine the host's Server version). The server responds with "HTTP/1.1 400 Bad request" and closes the connection. After that the attacker starts opening connections to the HTTPS port. One of them is used to send SSLv2 Client Hello request. From this point the web server starts rejecting all incoming connections and the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Do you expect any fix for this problem soon? Regards P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10.
filtered
Description: Binary data
