I am not able to reproduce this. The server is answering and serving<div><br></div><div><div>./slowloris.pl -dns <a href="http://doma.in">doma.in</a> -port 80 -timeout 2 -num 10000</div><div><br></div><div>The load is zero, there is not even a delay in the response time. Would you mind to share your slowloris.pl command and/or the nginx relevant config, OS type and version, sysctl.conf(or equivalent).</div>
<div><br></div><div>It would be also nice to know what the nginx is doing in that time, do you have dtrace on that node? Enable debug level logging in nginx is a really bad idea if you have 5000 requests...</div><div><br>
</div><div><i>"But if you have enough attack computers, you also can make a Nginx server deny service."</i><br></div><div><i><br></i></div><div>If you have enough computer you can take down even <a href="http://google.com">google.com</a>, this is not relevant to this conversation, moreover the slowloris is a dedicated tool to low bandwith/low amount of computers attacks.</div>
<div><br></div><div>Regards,</div><div>Istvan</div><div><br></div><br><div class="gmail_quote">On Tue, Jun 23, 2009 at 3:34 AM, Weibin Yao <span dir="ltr"><<a href="mailto:nbubingo@gmail.com">nbubingo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">István at 2009-6-22 20:40 wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I wasn't able to raise the load above 0,1 with nginx-0.6.32 on freebsd.<br>
<br>
What did I wrong if nginx is affected "much stronger"?<br>
</blockquote></div>
Under this attack, Nginx just blocks all the sockets for client_header_timeout seconds, the load is always very low.<br>
<br>
In my tests, apache2 stops working when the attack number is above 500. I think maybe apache2 can't fork more processes or threads.<br>
But Nginx can survive when the attack number is below woker_processes*worker_connections. It's more difficult to attack Nginx than apache. But if you have enough attack computers, you also can make a Nginx server deny service.<br>
<br>
-- <br><font color="#888888">
Weibin Yao<br>
<br>
<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>the sun shines for all<br>
</div>