[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
- From: Petite Abeille <petite.abeille@...>
- Date: Tue, 11 Oct 2011 17:36:29 +0200
On Oct 11, 2011, at 9:37 AM, HyperHacker wrote:
> I've been working on a simple HTTP server using LuaSocket. I wanted to
> defend against "fuzzing" attacks, where an attacker sends endless
> streams of junk (often at very slow rates) as HTTP headers, never
> ending the line or request header, thus tying up the server's
> resources as it sits endlessly waiting for/buffering header strings
> for a request that never completes.
ulimit + timelimit?
[1] http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?ulimit+2
[2] http://devel.ringlet.net/sysutils/timelimit/
