It is a serious remote denial of service! It can be used from a single modem line and take down a whole server without generating any logfiles except normal access logs. It's funny how you guys treat it as "Wishlist" for three months even though it's one of the worst remote denial of service attacks that can happen. It just takes your whole Website down! And hey it affects Ubuntu-LTS-Server! I just tried it with my home DSL line against Ubuntu.com and it went down about instantly! What frickin' else do you want? And yeah my page with about 4000 unique daily visitors was affected as well - not sure if you call that big, but at least ubuntu.com should be big enough, isn't it?
Concerning the picture - left one is local slowloris against ubuntu.com - right one is links2 from my server. Guess what? It didn't load anymore till I stopped slowloris! So if you don't care whether ubuntu.com is reachable or not, why do you think they bought the domain in the first place? If that's not serious - what else do you want? ** Attachment added: "ubuntu.com downed by slowloris!" http://launchpadlibrarian.net/32140980/slowloris%20against%20ubuntu.png -- apache2 DoS attack using slowloris https://bugs.launchpad.net/bugs/392759 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
