[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Hash Table Collisions (n.runs-SA-2011.004)
- From: Jerome Vuarand <jerome.vuarand@...>
- Date: Fri, 6 Jan 2012 11:22:08 +0100
2012/1/5 Petite Abeille <petite.abeille@gmail.com>:
>
> On Jan 5, 2012, at 9:44 PM, David Favro wrote:
>
>> On 01/03/2012 06:28 PM, Petite Abeille wrote:
>>> In the meantime, feel free to break Nanoki, which sports an HTTP server implemented in pure Lua.
>>
>> I had a rather amateurish go at Mr. Abeille's generous offer to DoS his
>> server using the method he described (colliding HTTP headers), and
>> tcpserver+Nanoki seemed to serve it well. 36k colliding headers (1.2MB)
>> does fine to seize up the processing of the request, but after 60s it's
>> canceled as expected (the same request, with non-colliding headers, only
>> takes 6s total round-trip).
>>
>> I never degraded the response time for legitimate requests below a few
>> seconds, perhaps because my ISP limits my upstream bandwidth or perhaps due
>> to some other problem in my attempts to get many simultaneous requests going.
>
> Excellent. Thanks for giving it a go :)
I gave it a try too. The collision generation is based on Florian
Weimer's code (see [1]). For some reason I could not detect any
noticeable difference on my linux box at home, it may be because of
limited upload speed on my side. At work though, on Windows, I get
some results :
E:\Developpement>lua hashbomb.lua 30000 fast http://svr225.stepx.com:3388/a
result: 0
status: HTTP/1.1 200 OK
output: <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
time: 2.6119999999937
E:\Developpement>lua hashbomb.lua 30000 slow http://svr225.stepx.com:3388/a
result: 0
status: HTTP/1.1 200 OK
output: <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
time: 23.28899999999
E:\Developpement>lua hashbomb.lua 40000 fast http://svr225.stepx.com:3388/a
result: 0
status: HTTP/1.1 200 OK
output: <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
time: 3.8349999999919
E:\Developpement>lua hashbomb.lua 40000 slow http://svr225.stepx.com:3388/a
result: 0
status: HTTP/1.1 200 OK
output: <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
time: 46.542000000016
The script is attached, it takes the following arguments:
lua hashbomb.lua <string_count> <mode> [<url>]
"mode" can be either "slow" for colliding strings, or "fast" for very
similar but non-colliding strings. The URL is optional, if you don't
provide one it will test the local Lua interpreter (by stuffing the
strings in a table). If you pass a URL, the script generate a curl
config file with lots of HTTP headers, and then run curl on the
specified URL.
With 40k strings, the config file is 1.4M long, the HTTP request
should be of similar size (a bit smaller I believe). With 50k strings
it seems I hit the nanoki timeout (I get "curl: (52) Empty reply from
server").
Jérôme.
[1] http://thread.gmane.org/gmane.comp.lang.lua.general/58609
Attachment:
hashbomb.lua
Description: Binary data
- References:
- Re: Hash Table Collisions (n.runs-SA-2011.004), TNHarris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Tom N Harris
- Re: Hash Table Collisions (n.runs-SA-2011.004), Mark Hamburg
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Leo Razoumov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Vladimir Protasov
- Re: Hash Table Collisions (n.runs-SA-2011.004), Miles Bader
- Re: Hash Table Collisions (n.runs-SA-2011.004), Ashwin Hirschi
- Re: Hash Table Collisions (n.runs-SA-2011.004), Petite Abeille
- Re: Hash Table Collisions (n.runs-SA-2011.004), David Favro
- Re: Hash Table Collisions (n.runs-SA-2011.004), Petite Abeille
