[Full-Disclosure] Re: Clarification on Xitami DoS

• Previous message: Matthew Murphy: "[Full-Disclosure] Re: Clarification on Xitami DoS"
• Next in thread: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Next in thread: Matthew Murphy: "Re: Clarification on Xitami DoS"
• Reply: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Reply: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It could be an  error in Xitami's dynamic-store allocation logic that causes it to fail to reclaim the discarded memory per connection ?

Call for Memory Leak Detection Tools
http://www.cs.colorado.edu/homes/zorn/public_html/MallocDebug.html



Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk


--- "Matthew Murphy" <mattmurphyat_private> wrote:
>>What is vendor's status regarding this issue?
>
>I've e-mailed the vendor, but have received no response *at all*.
>
>>It is good we found the real cause of DoS effect in Xitami.
>>Because, the maxedout values seem to work quiet fine, the problem is
>>Keep-Alive Connection handling.
>
>Yes, I originally thought it was a connection flood because numbers
>started jumping and then Xitami crashed almost immediately.  However,
>I was actually seeing the effects of my flood combined with numerous
>other connections that had "hung open".
>
>>I don't know how did you actually find out when it has dropped a
>>particular connection
>
>Well, I didn't find out when it was dropping connections, just that
>it *wasn't* dropping any.  My WinME box btw required an
>extremely high number of connections to crash (I believe the number
>was over 450), so production machines will require significantly
>more connections -- it seems to be a bug-induced resource exhaustion.
>
>>as in the duration of Keep-Alive affected and
>>it's connection dropping time and whether it matches the value in
>configurations? after how long ?
>>I tried netstat -an frequently by making requests from different hosts on
>my network, but same results as i told you before.
>
>I'm still a bit hazy on exactly *where* in the keep-alive handling that
>Xitami is buggy -- I'm beginning to think that it is not actually related
>to an open connection, and instead just a bad resource cleanup on
>the server end.

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with emailat_private by Everyone.net  http://www.everyone.net/?btn=tag
_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosureat_private
http://lists.netsys.com/mailman/listinfo/full-disclosure

• Next message: Matthew Murphy: "[Full-Disclosure] AOL Instant Messenger - Away Setting and Snoopers"
• Previous message: Matthew Murphy: "[Full-Disclosure] Re: Clarification on Xitami DoS"
• Next in thread: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Next in thread: Matthew Murphy: "Re: Clarification on Xitami DoS"
• Reply: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Reply: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Aug 04 2002 - 17:07:47 PDT