[hunchentoot-devel] Hunchentoot effective DOS-attack
Peter Stiernström
peter.stiernstrom at blixtvik.se
Fri Jul 3 11:12:06 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't know if this have come up earlier or if it is a known problem.
If so I am sorry for bringing it up again. A quick look through the
archives turned up a non-caught sbcl socket timeout error with the
obvious fix of adding an error translation to the usocket sbcl backend
error map. I expect this to be somewhat similar.
When stressing hunchentoot with a number of connection like so:
for i in $(seq 1 20); do nmap -sT -p 80 <hostname> ;done
Hunchentoot (last 1.0 release) stops responding after not having caught
a SB-BSD-SOCKETS:NOT-CONNECTED-ERROR thus being easily DOSed.
I was hoping that there would be an obvious similar mapping missing but
I don't know my way around hunchentoot to figure out what to map
SB-BSD-SOCKETS:NOT-CONNECTED-ERROR to.
I am seeing this problem on a regular basis and for now it always
prompts a full restart.
I am using usocket 0.4.1 with hunchentoot 1.0.0.
/Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpN54YACgkQ0brSZD05ZzARvACfe7SP+QJeHyyQg2zVMKaDL7PI
Z8sAn26so+rYt9eviL/x+E0a6XYORbig
=4rny
-----END PGP SIGNATURE-----
More information about the Tbnl-devel
mailing list