Apache/IIS/nginx Multiple HTTP Servers (Memory Exhaustion) DoS

ID 1337DAY-ID-20019
Type zdt
Reporter Xianur0
Modified 2012-12-21T00:00:00


The attack involves making requests to the web server via HTTP pipelining and closing the connection before receiving a response. As a result, the thread/fork is not notified and continues processing the request (before attempting to send the response). The attack requires that the server has a significant delay, so that few connections produce more threads/forks and consume a maximum of resources. The attack exploits the retransmissions and half-closed states (CLOSE_WAIT, TIME_WAIT, FIN_WAIT, etc.) of the TCP stack.

Yes, this attack can be used for many other services, not just HTTP :D

Recommendation: it's fun to attack with PHP files on the server :P

Why can't firewalls easily stop this attack? Because we do not use too many "established" connections to cause the DoS :D

Note: The effect of the attack may vary from server to server.

TCP Stack: http://www.youtube.com/watch?v=aZvGZXiqx5I
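A detection check for the pattern described above, as an added example that is not part of the original advisory: since the attack keeps few connections in the established state, it tallies half-closed sockets per peer from `ss -tan` output instead. The sample output, the port and the threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# States where one side has already sent FIN, named as `ss -tan` prints them.
# TIME-WAIT is left out by choice in this example: it also accumulates under
# normal traffic, so it is tallied but not scored.
HALF_CLOSED = {"CLOSE-WAIT", "FIN-WAIT-1", "FIN-WAIT-2", "LAST-ACK", "CLOSING"}

# Constructed sample of `ss -tan` output on a web server (documentation IPs).
SAMPLE = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      511    0.0.0.0:80          0.0.0.0:*
ESTAB      0      0      192.0.2.10:80       198.51.100.7:51000
ESTAB      0      0      192.0.2.10:80       198.51.100.7:51002
TIME-WAIT  0      0      192.0.2.10:80       198.51.100.7:50998
ESTAB      0      0      192.0.2.10:22       203.0.113.5:39000
CLOSE-WAIT 1      0      192.0.2.10:80       203.0.113.5:40001
CLOSE-WAIT 1      0      192.0.2.10:80       203.0.113.5:40002
CLOSE-WAIT 1      0      192.0.2.10:80       203.0.113.5:40003
CLOSE-WAIT 1      0      192.0.2.10:80       203.0.113.5:40004
CLOSE-WAIT 1      0      192.0.2.10:80       198.51.100.9:41000
"""

def peer_ip(addr):
    """Strip the port from 'ip:port' or '[v6]:port'."""
    return addr.rsplit(":", 1)[0].strip("[]")

def tally(ss_output, port=80):
    """Return {peer_ip: Counter(state -> count)} for sockets on the local port."""
    peers = defaultdict(Counter)
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] in ("State", "LISTEN"):
            continue  # header, listener, or malformed line
        state, local, peer = f[0], f[3], f[4]
        if local.rsplit(":", 1)[-1] == str(port):
            peers[peer_ip(peer)][state] += 1
    return peers

def suspects(ss_output, port=80, min_half_closed=3):
    """Peers holding many half-closed sockets, however few are ESTAB."""
    out = {}
    for ip, states in tally(ss_output, port).items():
        half = sum(n for s, n in states.items() if s in HALF_CLOSED)
        if half >= min_half_closed:
            out[ip] = half
    return out

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

A peer with several CLOSE-WAIT sockets and no established ones means workers are still busy on requests whose client has already gone away, which a per-source limit on established connections does not count.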
