From: Tom Evans
To: István
Cc: Thomas Rasmussen, freebsd-security@freebsd.org, Eirik Øverby
Subject: Re: Update on protection against slowloris
Date: Fri, 02 Oct 2009 09:18:46 +0100
Message-Id: <1254471526.54871.10.camel@strangepork.london.mintel.ad>

On Thu, 2009-10-01 at 19:46 +0100, István wrote:
> "The bad news is that it can indeed take a badly-configured apache
> server down, and the worse news is that that includes a low-traffic
> out-of-the box configuration. Even with the Event MPM, slowloris can
> tie up one worker thread per connection."
>
> for sure
>

It doesn't tie up one thread, one thread is partially occupied by
waiting for the slowloris connection to finish sending the request.
That thread can still handle other connections that are sending
requests. In our tests, running a couple of slowloris instances against
event MPM had virtually no effect.

Cheers

Tom
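
The distinction argued over in this message, a thread per connection versus state per connection, shown with a generic single-threaded event loop that also enforces a header deadline as the mitigation. This is an added example, not part of the original message and not Apache's event MPM code; `Loop`, `make_client` and `HEADER_DEADLINE` are hypothetical names, and local socketpairs stand in for TCP clients.

```python
import selectors
import socket
import time

HEADER_DEADLINE = 0.5  # assumed value, kept short so the demo runs quickly
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"

class Loop:
    """One thread, many connections: a stalled client costs state, not a thread."""
    def __init__(self):
        self.sel = selectors.DefaultSelector()
        self.pending = {}  # socket -> (bytes received so far, time accepted)

    def add(self, conn):
        conn.setblocking(False)
        self.pending[conn] = (b"", time.monotonic())
        self.sel.register(conn, selectors.EVENT_READ)

    def _close(self, conn):
        self.sel.unregister(conn)
        del self.pending[conn]
        conn.close()

    def tick(self, timeout=0.05):  # one pass; returns (served, reaped)
        served = reaped = 0
        for key, _ in self.sel.select(timeout):
            conn = key.fileobj
            buf, started = self.pending[conn]
            data = conn.recv(4096)
            buf += data
            self.pending[conn] = (buf, started)
            if b"\r\n\r\n" in buf:          # header block complete: answer it
                conn.sendall(RESPONSE)
                self._close(conn)
                served += 1
            elif not data:                  # peer went away mid-header
                self._close(conn)
        now = time.monotonic()
        for conn, (_, started) in list(self.pending.items()):
            if now - started > HEADER_DEADLINE:  # headers never completed
                self._close(conn)
                reaped += 1
        return served, reaped

def make_client(loop, request):  # constructed input: socketpair instead of TCP
    server_side, client_side = socket.socketpair()
    client_side.sendall(request)
    loop.add(server_side)
    return client_side
```

With 50 clients that never finish their headers registered alongside one complete request, the first `tick()` still serves the complete request, and a later `tick()` past the deadline closes the stalled ones.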