Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack

From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 30 Apr 2011 12:07:15 +0200

On Apr 30, 2011, at 11:19 AM, Gutek wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 30/04/2011 10:38, Toni Ruottu a écrit :

So the current hypothesis would be that NSE has some hidden connection
limit, that perl does not have?



I didn't want to say that explicitly because I'm not expert enough, but
that's my feeling, yes.


There is a limit on the number of open sockets that NSE can have (currently 20) [1].
This was discussed when I ran into some problems with the brute framework and I ended up re-designing the driver model.
As far as I remember the limit applies to NSE as a whole, which means that if you have 10 other scripts running in 
parallel, using a socket each, your script will only be able to use 10 sockets.

//Patrik

[1] http://seclists.org/nmap-dev/2010/q2/408


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk271CEACgkQ3aDTTO0ha7ijygCePgAQT17/YqzSkt0f4qqw66aS
SnUAn3rmVB+/B5mBRgicmN9qfqOi/bhr
=gpQv
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: