Slowloris DOS Mitigation Guide

Daniel Robbins wrote a nice guide about the Slowloris HTTP DoS vulnerability:

“Slowloris is the name of a perl-based HTTP client that can be used as a denial of service against Apache-based HTTP servers and the squid caching proxy server. It operates by repeatedly initiating several hundred valid HTTP requests to the server, and keeping these connections open using a minimal amount of TCP traffic, in order to consume server resources. Once server resources are exhausted, the server will no longer be able to respond to legitimate traffic.”

Slowloris DOS Mitigation Guide · 06/07/2009 13:03 · Marlon Cabrera · 0 Comments

Deadwood DNS forwarding cache

Deadwood is a working DNS forwarding cache. This is a UDP-only server with the following features:

  • Small size and memory footprint suitable for embedded systems
  • Simple and clean codebase
  • Secure design
  • Spoof protection: Strong cryptography used to determine the Query ID and source port
  • Ability to read and write the cache to a file
  • Dynamic cache that deletes entries not recently used
  • Ability to use expired entries in the cache when it is impossible to contact upstream DNS servers.
  • IPv6 support can be compiled in if desired

Let's install it on Bebop. My CPU is an AMD64, so I use -march=k8:

  cd /usr/src
  wget http://maradns.org/deadwood/deadwood-2.3.04.tar.bz2
  tar jxvf deadwood-2.3.04.tar.bz2
  cd deadwood-2.3.04
  export FLAGS='-march=k8 -O2 -pipe'
  cd src
  make -f Makefile.centos5
  nano /etc/dwood2rc
  cp DwMain /usr/sbin
  cd ../doc
  cp DwMain.1 /usr/share/man/man1/
  cd /usr/sbin
  ln -s DwMain DwTcp



nano /etc/dwood2rc

  bind_address="10.1.1.139" # IP we bind to
  chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)
  upstream_servers["."]="10.1.1.140" # Servers we connect to
  recursive_acl = "10.1.1.0/24" # Who is allowed to use the cache
  maxprocs = 8 # Maximum number of pending requests
  handle_overload = 1 # Send SERVER FAIL when overloaded
  maradns_uid = 99 # UID Deadwood runs as
  maradns_gid = 99 # GID Deadwood runs as
  maximum_cache_elements = 60000
  cache_file = "dw_cache"



nano /etc/init.d/deadwood

  #!/sbin/runscript
  depend() {
          need net
          provide dns
  }
  start() {
          ebegin "Starting deadwood"
          start-stop-daemon --start --quiet --name deadwood \
                  --exec /usr/bin/duende /usr/sbin/DwMain
          eend $?
  }
  stop() {
          ebegin "Stopping deadwood"
          killall DwMain
          eend $?
  }



Deadwood DNS forwarding cache · 06/05/2009 20:46 · Marlon Cabrera · 0 Comments

Varnish http accelerator

I am using Varnish as the HTTP accelerator on this VPS.
The first impression was very good!! It uses advanced features of the OS to achieve its high performance.

Some features:

  • A modern design
  • VCL - a very flexible configuration language
  • Load balancing with health checking of backends
  • Partial support for ESI
  • URL rewriting
  • Graceful handling of “dead” backends

Varnish http accelerator · 11/03/2009 22:48 · Marlon Cabrera · 0 Comments

BeBop Funtoo Stage4

BeBop Gentoo (Funtoo) Stage4 launched!!



Get it here:

amd64

Basic system version

Startkde version


Features:

  • built with Funtoo Amd64 stage3
  • gcc version 4.3.1 (Gentoo 4.3.1-r1 p1.1)
  • glibc 2.8_p20080602
  • binutils 2.18-r3
  • LDFLAGS="-Wl,--hash-style=both"
  • baselayout 2
  • openrc


BeBop Funtoo Stage4 · 08/10/2008 14:57 · Marlon Cabrera · 0 Comments

Lighttpd is back!!

Lighttpd is once again the web server of Mrg Network.



Lighttpd is back!! · 10/08/2008 00:37 · Marlon Cabrera · 0 Comments
