Hello,
There're a number of webserver-mace apps on the net, the newest that I heard of being the so called "Apache killer" script I saw a few days agon on Full disclosure... Here you can see a demonstration of what it does. Also, I've attached the script itself.
http://www.youtube.com/watch?v=fkCQZaVjBhA
I believe we should discuss some possibilities about how to configure HAProxy to protect Apache backends as much as possible, or at least mitigate such attacks? Any ideas?
Cheers,
Levente
This archive was generated by hypermail 2.2.0 : 2011/08/22 19:00 CEST