Denial Of Service attack on HTTP server

Rob Landley rob at landley.net
Sun Mar 7 17:21:25 UTC 2010


On Sunday 07 March 2010 08:45:36 Ajith Adapa wrote:
> So for 1.2 version of httpd.c file it seems I got only 2 choices to
> solve my problem
>
> 1. Create a signal handler function for SIGCHLD signal and decrement
> the value for cur_clients variable and take care of not creating any
> zombies accidentally. This solution at present working like a charm
> and no zombies created until now ...

Go with 1.  You have a working solution, life is good.  We're not interested in 
taking that solution upstream because you're forking a codebase from 2006.

That said, I am kind of curious what prevents the current httpd from 
forkbombing the system if exposed to a ddos attack.  (Or simply a mention from 
Neil Gaiman's twitter account, which accomplishes the same thing.)

A quick glance at the code showed me 2400 lines of #ifdef salad (including 
some #if 0) blocks, and I can't read much more without getting distracted into 
trying to _fix_ it, which is not how I want to spend today...  (I still owe you 
a kernel zlib rewrite, currently item #8 on my todo list...)

Rob
-- 
Latency is more important than throughput. It's that simple. - Linus Torvalds
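
The approach in the quoted option 1 (a SIGCHLD handler that decrements cur_clients without leaving zombies), as an added example that is not code from httpd.c or from either poster. Only the name cur_clients comes from the post; MAX_CLIENTS, spawn_client, burst, drain and the pipe-based fake_request are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#define MAX_CLIENTS 4                      /* assumed cap, not httpd's value */
static volatile sig_atomic_t cur_clients;  /* counter named in the post */
static int gate[2];                        /* demo only: keeps children alive */

static void on_sigchld(int sig) {
    int saved = errno; (void)sig;
    /* SIGCHLD is not queued: one delivery may cover several exits, so loop. */
    while (waitpid(-1, NULL, WNOHANG) > 0) cur_clients--;
    errno = saved;
}
int install_reaper(void) {
    struct sigaction sa = { .sa_handler = on_sigchld, .sa_flags = SA_RESTART };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGCHLD, &sa, NULL);
}

/* Returns the child pid, 0 when the cap is reached, -1 if fork() failed. */
pid_t spawn_client(void (*serve)(void)) {
    if (cur_clients >= MAX_CLIENTS) return 0;   /* refuse instead of forking */
    sigset_t chld, old; sigemptyset(&chld); sigaddset(&chld, SIGCHLD);
    sigprocmask(SIG_BLOCK, &chld, &old);        /* keep the handler out of ++ */
    pid_t pid = fork();
    if (pid > 0) cur_clients++;
    sigprocmask(SIG_SETMASK, &old, NULL);
    if (pid == 0) { serve(); _exit(0); }
    return pid;
}
static void fake_request(void) {           /* constructed stand-in for a request */
    char c; close(gate[1]);
    while (read(gate[0], &c, 1) < 0 && errno == EINTR) ;
}
/* Offer n connections at once, then release them; returns how many were refused. */
int burst(int n) {
    int refused = 0; if (pipe(gate) < 0) return -1;
    while (n-- > 0) if (spawn_client(fake_request) == 0) refused++;
    close(gate[0]); close(gate[1]);        /* EOF lets the children exit */
    return refused;
}
int drain(void) {   /* wait up to about 2 s for reaping; returns clients still counted */
    struct timespec t = { 0, 10 * 1000 * 1000 };
    for (int i = 0; i < 200 && cur_clients > 0; i++) nanosleep(&t, NULL);
    return cur_clients;
}
int main(void) { return install_reaper() || burst(6) != 2 || drain() != 0; }
```

In a real accept loop the refusal branch would close the new connection rather than fork, which is what keeps a flood of requests from turning into a flood of processes.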

