Re: LuaSocket: No way to protect against fuzzing attacks?

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
From: Petite Abeille <petite.abeille@...>
Date: 2011年10月11日 17:36:29 +0200

On Oct 11, 2011, at 9:37 AM, HyperHacker wrote:
> I've been working on a simple HTTP server using LuaSocket. I wanted to
> defend against "fuzzing" attacks, where an attacker sends endless
> streams of junk (often at very slow rates) as HTTP headers, never
> ending the line or request header, thus tying up the server's
> resources as it sits endlessly waiting for/buffering header strings
> for a request that never completes.
ulimit + timelimit?
[1] http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?ulimit+2
[2] http://devel.ringlet.net/sysutils/timelimit/

References:
- LuaSocket: No way to protect against fuzzing attacks?, HyperHacker

Prev by Date: Re: Is it hard to write a fast JIT for a language that distinguishes between NULL and Int32=0
Next by Date: Re: [ANN] lua-time
Previous by thread: Re: LuaSocket: No way to protect against fuzzing attacks?
Next by thread: Re: LuaSocket: No way to protect against fuzzing attacks?
Index(es):
- Date
- Thread