hi you may have heard about the slowloris http dos.it is an prove of concept very very low bandwidth dos.
with this tool an attacker with an 1MBit upload connection can completely interrupt service on an state of the art webserver running apache.
according to the project's website http://ha.ckers.org/slowloris/ apache and squid are affected. nginx and iis6,7 are not.i recently testet varnish 2.0.4 and it is affected too. perl slowloris.pl -dns 192.168.178.67 -port 81 -timeout 1 -num 1000 -tcpto 5
this line resulted in a total Denial of Service. Altought the underlying apache 192.168.178.67:80 was fully operate able during the attack varnishstat shows a lot this: 2544 0.00 2.67 N overflowed work requests 20533 478.00 21.52 N dropped work requests cpu & ram & bandwidth utilization : noneis there a possibility to fix this? or at least to get a bugreport. Because i think a varnish cluster will be affected too.
yours
signature.asc
Description: OpenPGP digital signature
_______________________________________________ varnish-dev mailing list varnish-dev@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-dev