On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> A DoS attack against number of http servers is available and has hit
> slashdot today:
> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>
> Out of the box nginx is also vulnerable (I have tested it on latest 0.7
> installation).

What were the results of your tests? I can see Apache being vulnerable
to this, given the amount of resources it requires per connection, but
Nginx should be much less susceptible. The only resource I'd expect to
see exhausted might be sockets, which can be tuned at the OS level.

Cliff

--
http://www.google.com/search?q=vonage+sucks