[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
- From: Stefan Reich <stefan.reich.maker.of.eye@...>
- Date: Tue, 11 Oct 2011 14:54:24 +0000
On Tue, Oct 11, 2011 at 2:23 PM, Javier Guerra Giraldez
<javier@guerrag.com> wrote:
> Copas and Xavante are written like that --- some people think they're fun :-)
Yeah, I think this is totally a solvable problem.
Use socket.select to wait for data. Then read from all sockets with
data in the queue. Simple as that. You can't get stalled that way, no
matter how slowly someone sends you data.
On top of that, just drop any connection as soon as it appears not to
be worthwhile. (Takes too long to deliver data, or too many headers.)
Doesn't that solve all your "fuzzing attack" problems?
[I didn't know that it is called fuzzing btw. Is that a well-known
term this side of the great beltway? :)]
We should put up some HTTP servers and try to fuzz them.
(Well, if the spirit of this list was not disencouraging actual
collaboration, we would...)
Cheers,
Stefan