On Fri, 2009-06-19 at 21:45 +0300, luben karavelov wrote:
> A DoS attack against number of http servers is available and has hit
> slashdot today:
> http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released
>
> Out of the box nginx is also vulnerable (I have tested it on latest 0.7
> installation). A quick fix for the vulnerability follows:


I notice that one of the prerequisites is:

"2) Negotiate a high TCP window size for each of the connections (1 GB
should be doable)"

This seems to point to TCP stack tuning to prevent this.

Cliff

--
http://www.google.com/search?q=vonage+sucks