On Sun, 2003-06-01 at 06:45, Stephen Kuhn wrote: > On Sun, 2003-06-01 at 15:04, Adolfo Bello wrote: > > On Sat, 2003-05-31 at 23:55, JoeHill wrote: > > > > > not to discount La Femme's post, but who would go after my pathetic > > > site? > > > > A DoS will crash your entire server. In this case, just 400 or 500 > > connections will make it. > > > ...so the question remains, Adolpho, WHO's going to go first? Sorry, I went to sleep after posting my message.
When you have a vulnerability in your application (in this case Apache) the firewall can't help because the attach will come through an open port, in this case port 80. Regarding the number of connections, just one connection could cause your system to crash. Version 2.0.45 was released because a very simple one line perl script coming through port 80 could crash version 2.0.44. For more information about the current bug, take a look at: http://www.securityfocus.com/archive/1/323337 -- __ / \\ @ __ __ @ Adolfo Bello / [EMAIL PROTECTED] / // // /\ / \\ // \ // Bello Ingenieria S.A, ICQ: 65910258 / \\ // / \\ / // // / // mobile: +58 416 609-6213 /___// // / <_/ \__\\ //__/ // fax : +58 212 952-6797 www.bisapi.com // pager : [EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
