
David A. Desrosiers wrote:
If connections are your concern, why don't you use keep-alive connections on your site? Modern UAs and webservers can download an HTML page with CSS and all images in one connection:
Because KeepAlive hurts performance on heavily-loaded servers, and because there are lots of exploits running about specifically used to tie up webservers that use KeepAlive by leaving each socket in a TIME_WAIT state.
Why write such a complicated exploit when just opening the connection and sending nothing is much simpler? This will leave the connection in an ESTABLISHED state, but will tie up one apache child all the same (until TimeOut). And it will need much less bandwidth than your exploit: The default value of TimeOut is 300 while the default value of KeepAliveTimeout is 15.
With Apache Benchmark pounding various pages on the same physical box, with KeepAlive enabled, performance drops by about 80% (we're behind Squid as an http accelerator anyway, so KeepAlive on the Apache side is moot).
But how is your exploit going to work if you have a squid in front? Doesn't the squid close the connection?

--
Marcello Perathoner
webmaster@gutenberg.org
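
The two timeouts compared in the message above, as an added configuration sketch that is not part of the original thread: the stock values are the ones quoted in the message, while the tightened values and the use of mod_reqtimeout are assumptions chosen for illustration and need tuning per site.

```apache
# Added example, not from the thread. All "after" values are assumptions.

# Before: the defaults quoted in the message.
# A client that connects and sends nothing can hold one child for up to
# Timeout seconds; an idle keep-alive socket holds it for KeepAliveTimeout.
#Timeout 300
#KeepAliveTimeout 15

# After: shorten how long a silent or idle socket can occupy a child.
Timeout 30
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100

# mod_reqtimeout puts a separate bound on how long a client may take to
# deliver the request headers and body, so a connection that sends nothing
# (or trickles bytes) is dropped well before Timeout expires.
<IfModule reqtimeout_module>
    # Headers: 10 s initially, extended up to 20 s while data arrives at
    # 500 bytes/s or faster. Body: 20 s, extended at the same minimum rate.
    RequestReadTimeout header=10-20,MinRate=500 body=20,MinRate=500
</IfModule>
```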