Re: Xitami Connection Flood Server Termination Vulnerability

From: mattmurphyat_private
Date: Fri Aug 02 2002 - 19:33:58 PDT

  • Next message: Eiji James Yoshida: "Re: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability"

    In-Reply-To: <20020803013725.DEF393953at_private>
    
    >Although i tried it using a perl script flooding the GET requests in a
    >loop, instead of using browser quickie, but yeah i had the maximum 
    >number of concurrent sessions value set quiet low, as it was 100 only.
    >
    
    A little correction on the connection setting.  My config was reset during maintenance, and was actually set at *infinite* connections, but Xitami ceased to respond at about 11 connections on my box.  The denial of service condition appears to be an overloaded piece of code in a library/core module.  It appears to be maxed out when Xitami stops checking for new session requests.  However, what puzzles me is *why* the service is halting checks when it has no connection limit set.
    



    This archive was generated by hypermail 2b30 : Sat Aug 03 2002 - 09:49:48 PDT