Sunday, June 10, 2012

New DoS tool lets a single PC bring down an Apache server

Recently discovered malware circulating online gives miscreants a small arsenal of denial-of-service attack tools, including a relatively new one that allows a single PC to take down an Apache webserver, a researcher said.

MP-DDoser, as documented in a blog post by Arbor Networks researcher Jeff Edwards, implements an exploit known as "Apache Killer," which first came to light last August. Researchers said then that it worked by sending Apache servers multiple GET requests containing overlapping byte ranges, consuming all memory on a target system. The Arbor post suggested the technique worked against other webserver applications.

"The core of the attack involves the sending of a very long-range HTTP header that is intended to bring webservers (especially Apache) to their knees by forcing them to do a great deal of server-side work in response to a comparatively small request," Edwards wrote. "It is therefore one of the more effective low-bandwidth, 'asymmetrical' HTTP attacks at the moment."

MP-DDoser, aka IP-Killer, also contains other denial-of-service exploits, including one that closely resembles "Slowloris," another attack that allows a single PC to bring large websites to their knees. Apache Killer has also been incorporated into another DoS bot known as Armageddon.

Read more: Ars Technica
QR: Inline image 1

Posted via email from Jasper-Net