[hunchentoot-devel] Hunchentoot effective DOS-attack

Hans Hübner hans.huebner at gmail.com
Sun Jul 5 21:39:15 UTC 2009


Peter,

I am not able to reproduce the problem using the nmap command line
that you provided.  I also ran siege against Hunchentoot:

Transactions:                   1205 hits
Availability:                 100.00 %
Elapsed time:                  14.40 secs
Data transferred:               3.03 MB
Response time:                  0.11 secs
Transaction rate:              83.69 trans/sec
Throughput:                     0.21 MB/sec
Concurrency:                    9.30
Successful transactions:        1205
Failed transactions:               0
Longest transaction:            6.29
Shortest transaction:           0.01

Can you reproduce the problem with siege?  What platform are you
running on?  Can you reproduce the problem when the client is on the
same machine as the server?

I'd be interested to learn where the
SB-BSD-SOCKETS:NOT-CONNECTED-ERROR is actually signalled from.  To
debug, you might set *BREAK-ON-SIGNALS* to
'SB-BSD-SOCKETS:NOT-CONNECTED-ERROR and post the backtrace.

-Hans

2009/7/3 Peter Stiernström <peter.stiernstrom at blixtvik.se>:
> I don't know if this has come up earlier or if it is a known problem.
> If so I am sorry for bringing it up again. A quick look through the
> archives turned up a non-caught sbcl socket timeout error with the
> obvious fix of adding an error translation to the usocket sbcl backend
> error map. I expect this to be somewhat similar.
>
> When stressing hunchentoot with a number of connections like so:
>
> for i in $(seq 1 20); do nmap -sT -p 80 <hostname> ;done
>
> Hunchentoot (last 1.0 release) stops responding after not having caught
> a SB-BSD-SOCKETS:NOT-CONNECTED-ERROR thus being easily DOSed.
>
> I was hoping that there would be an obvious similar mapping missing but
> I don't know my way around hunchentoot to figure out what to map
> SB-BSD-SOCKETS:NOT-CONNECTED-ERROR to.
>
> I am seeing this problem on a regular basis and for now it always
> prompts a full restart.
>
> I am using usocket 0.4.1 with hunchentoot 1.0.0.
>
> /Peter