Re: [dev] [quark] Current performance and ideas

From: FRIGN <dev_AT_frign.de>
Date: Thu, 14 Aug 2014 11:03:31 +0200

On Thu, 14 Aug 2014 09:52:44 +0100
Dimitris Papastamos <dp_AT_spl9.org> wrote:

> One thing that needs to be fixed in the current model
> is to timeout existing connections that we have received no
> data from in a time interval.
>
> So consider the following:
>
> for i in $(seq 1 1000); do
> nc 127.0.0.1 &
> done
>
> This will create 1000 processes on the server, all of them
> blocked on a read().

Exactly!

This opens a security hole for DDoS attacks in which the attacker just
sends a non-terminated header.
Setting a timeout with setsockopt is trivial though, and it worked well
when I tested it.

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Thu Aug 14 2014 - 11:03:31 CEST
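
The setsockopt timeout discussed in this message, as an added example that is not part of the original mail and not quark's code: a receive timeout turns an idle connection's blocked read() into an error the server can act on. The helper names, the 200 ms value and the socketpair() standing in for a client connection are assumptions made for the illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: make a blocked read() on fd fail with EAGAIN after ms milliseconds. */
static int set_recv_timeout(int fd, long ms)
{
	struct timeval tv = { .tv_sec = ms / 1000, .tv_usec = (ms % 1000) * 1000 };

	return setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
}

/* Read until "\r\n\r\n": 0 = header complete, 1 = timed out, -1 = EOF/error/too long. */
static int read_header(int fd, char *buf, size_t len)
{
	size_t off = 0;
	ssize_t r;

	while (off < len - 1) {
		r = read(fd, buf + off, len - 1 - off);
		if (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
			return 1;	/* SO_RCVTIMEO expired: drop the connection */
		if (r <= 0)
			return -1;
		off += (size_t)r;
		buf[off] = '\0';
		if (strstr(buf, "\r\n\r\n"))
			return 0;
	}
	return -1;
}

/* Constructed demo: one end of a socketpair plays the client and sends `sent`. */
static int demo(const char *sent, long ms)
{
	int sv[2], ret = -1;
	char buf[512];

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return -1;
	if (set_recv_timeout(sv[0], ms) == 0 && write(sv[1], sent, strlen(sent)) >= 0)
		ret = read_header(sv[0], buf, sizeof(buf));
	close(sv[0]);
	close(sv[1]);
	return ret;
}

int main(void)
{
	/* Constructed input: a header with no terminating blank line. */
	return demo("GET / HTTP/1.1\r\nHost: x\r\n", 200) == 1 ? 0 : 1;
}
```

SO_RCVTIMEO bounds each read() separately, so a client that sends one byte per interval is not cut off by it; limiting the total time spent on a header needs a separate deadline.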
