|
|
|
|
|
|
by snowwrestler
3395 days ago
|
|
|
Sorry to be blunt, but this is just incorrect. The problem with "Slashdotting" was the number of concurrent connections. Heck a fair portion of the time it was the database that keeled over first, not Apache. Slowloris attacks send purposefully incomplete requests and hold them open with additional headers. Even with dial-up modems, connections were never slow enough for this to be a problem with actual requests, which are lightweight. Responses are heavy and can tie up slow connections, especially if they have to go get stuff out of the database. But in that case it's no longer a Slowloris type attack. It's just too many concurrent connections. The Slashdot effect was solved with static HTML caching, simply because caches are faster and don't touch the DB. Cloudflare is a simple, free example of such a cache, although certainly not the only one. |
|
|
I didn't say it was a Slowloris attack. I said Slashdotting was "in effect" the same thing. Which it is, both problems are one of exhausting limited concurrency.
> The problem with "Slashdotting" was the number of concurrent connections.
Exactly the same problem a Slowloris attack exploits.
> Responses are heavy and can tie up slow connections...
Yes, responses tie up the limited number of available httpd processes.
The problem was that Apache couldn't even serve static files to many clients because of its heavy weight httpd processes and the fact that clients were so slow.
If your web server can only handle 200 concurrent connections, and you want to serve a 500 KB screenshot of your 1337 Linux desktop to clients that download at 3.5 kbyte/s, you can handle like ~1.4 req/s. Doesn't take much to get Slashdotted.
Whereas, event-based webservers could handle at least 10x more connections on the same hardware even before epoll existed.
I had this problem in 1998 and fixed it with select/poll based servers, and then eventually other epoll-based servers before nginx existed.