users@grizzly.java.net

Re: Apache HTTP DoS tool released - this would probably take down grizzly as well

From: Igor Minar <iiminar_at_gmail.com>
Date: Fri, 19 Jun 2009 13:26:09 -0700

So I did... and I DoS-ed my grizzly webserver on the first try.

I think what we need here is to:
* ensure that headers are being read with nonblocking io
* maybe put a limit on the number/size of headers, which if reached
would result in connection termination

/i


On Jun 19, 2009, at 12:32 PM, Jeanfrancois Arcand wrote:

> Try it :-)
>
> We have a time out of 30 seconds and then we close the connection.
>
> A+
>
> -- Jeanfrancois
>
> Igor Minar wrote:
>> {quote}
>> In this case, the server will open the connection and wait for the
>> complete header to be received. However, the client (the DoS tool)
>> will not send it and will instead keep sending bogus header lines
>> which will keep the connection allocated.
>> {quote}
>> http://isc.sans.org/diary.html?storyid=6601
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
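The two mitigations listed at the top of this message (non-blocking header reads, a cap on header count and size), sketched as an added example; it is not code from the thread or from Grizzly. The class name `HeaderGuard`, the limits and the 30-second value are assumptions chosen for illustration, and the deadline is measured from accept time so that a trickle of header lines does not extend it.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/** Hypothetical per-connection guard, fed by a non-blocking read loop. */
public class HeaderGuard {
    enum Verdict { NEED_MORE, COMPLETE, REJECT }

    // Assumed limits for this example, not Grizzly defaults.
    static final int MAX_HEADER_BYTES = 8192;
    static final int MAX_HEADER_LINES = 100;   // request line counts as one
    static final long HEADER_DEADLINE_MS = 30_000;

    private final long acceptedAtMs;  // fixed at accept, never reset by later reads
    private int bytes, lines, lineLen;

    HeaderGuard(long acceptedAtMs) { this.acceptedAtMs = acceptedAtMs; }

    /** True once the header block has taken too long; also usable from a periodic sweep. */
    boolean expired(long nowMs) { return nowMs - acceptedAtMs > HEADER_DEADLINE_MS; }

    /** Consumes whatever one non-blocking read returned; never waits for more data. */
    Verdict feed(ByteBuffer chunk, long nowMs) {
        if (expired(nowMs)) return Verdict.REJECT;
        while (chunk.hasRemaining()) {
            byte b = chunk.get();
            if (++bytes > MAX_HEADER_BYTES) return Verdict.REJECT;
            if (b == '\r') continue;
            if (b != '\n') { lineLen++; continue; }
            if (lineLen == 0) {
                if (lines == 0) continue;      // tolerate empty lines before the request line
                return Verdict.COMPLETE;       // blank line ends the header block
            }
            if (++lines > MAX_HEADER_LINES) return Verdict.REJECT;
            lineLen = 0;
        }
        return Verdict.NEED_MORE;              // caller re-registers for OP_READ
    }

    static ByteBuffer buf(String s) { return ByteBuffer.wrap(s.getBytes(StandardCharsets.US_ASCII)); }

    public static void main(String[] args) {
        // Constructed input: a request whose header block is never terminated.
        HeaderGuard slow = new HeaderGuard(0);
        System.out.println(slow.feed(buf("GET / HTTP/1.1\r\nHost: example.test\r\n"), 0));
        System.out.println(slow.feed(buf("X-a: 1\r\n"), 15_000));
        System.out.println(slow.feed(buf("X-a: 2\r\n"), 31_000));
        // Constructed input: a normal request completed in one read.
        HeaderGuard ok = new HeaderGuard(0);
        System.out.println(ok.feed(buf("GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"), 5));
    }
}
```

On `REJECT` the caller closes the channel and cancels its selection key; calling `expired()` from a timer sweep covers connections that stop sending entirely.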