[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: David Favro <lua@...>
- Date: Thu, 05 Jan 2012 15:44:42 -0500
On 01/03/2012 06:28 PM, Petite Abeille wrote:
> In the meantime, feel free to break Nanoki, which sports an HTTP server implemented in pure Lua.
I had a rather amateurish go at Mr. Abeille's generous offer to DoS his
server using the method he described (colliding HTTP headers), and
tcpserver+Nanoki seemed to serve it well. 36k colliding headers (1.2MB)
does fine to seize up the processing of the request, but after 60s it's
canceled as expected (the same request, with non-colliding headers, only
takes 6s total round-trip).
I never degraded the response time for legitimate requests below a few
seconds, perhaps because my ISP limits my upstream bandwidth or perhaps due
to some other problem in my attempts to get many simultaneous requests going.
-- David
- References:
- Re: Hash Table Collisions (n.runs-SA-2011.004), TNHarris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Tom N Harris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Leo Razoumov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Miles Bader
- Re: Hash Table Collisions (n.runs-SA-2011.004), Ashwin Hirschi
- Re: Hash Table Collisions (n.runs-SA-2011.004), Petite Abeille