Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack


From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 30 Apr 2011 16:29:21 +0200


On Apr 30, 2011, at 3:42 PM, Henri Doreau wrote:

> 2011/4/30 Patrik Karlsson <patrik () cqure net>:
>
>> There is a limit on the number of open sockets that NSE can have (currently 20)
>
> Just wanted to mention that this value can be changed on the command
> line with --max-parallelism.

Good point.

> I read the script and it seems that it cannot handle several targets
> because it relies upon the nmap registry to control the threads. The
> registry is shared between instances, hence producing undesired
> behavior here. A solution can be to use an IP field for each host to
> distinguish the entries (like nmap.registry[host.ip]['slowloris']
> instead of nmap.registry['slowloris'] for instance). Nevertheless I am
> not sure that the nmap registry is well suited to achieve such
> inter-thread communications.

I agree that this is a problem and I think it's better to avoid using the registry for inter-thread communication.
In some of the cases it's not very clear to me why the information is passed through the registry instead of using a variable.
However, I must admit I've just briefly looked at the script.

While there aren't a lot of scripts making use of threads, there are a few. Have a look at them for inspiration and guidance in how to do threaded work in NSE.
For example for counting running threads at a given time you could have a look at the threadCount function in brute.lua.

> Regards.
>
> --
> Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner


//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
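The registry collision discussed in the message above, as an added example that is not part of the original post or of the script under review. It contrasts state stored under nmap.registry['slowloris'] with state stored under nmap.registry[host.ip]['slowloris']; the plain table standing in for the nmap module, the threads and done fields, and the helper names are assumptions made for illustration.

```lua
-- Stand-in for NSE's nmap module so this runs in a plain Lua interpreter.
-- Inside a real script, `local nmap = require "nmap"` provides nmap.registry.
local nmap = { registry = {} }

-- Shared key: every script instance, whatever its target, gets the same table.
local function shared_state(host)
  nmap.registry['slowloris'] = nmap.registry['slowloris']
    or { threads = 0, done = false }   -- hypothetical fields
  return nmap.registry['slowloris']
end

-- Per-host key, as suggested in the thread: nmap.registry[host.ip]['slowloris'].
local function per_host_state(host)
  nmap.registry[host.ip] = nmap.registry[host.ip] or {}
  local slot = nmap.registry[host.ip]
  slot['slowloris'] = slot['slowloris'] or { threads = 0, done = false }
  return slot['slowloris']
end

-- Simulated script instance (hypothetical helper): records how many worker
-- threads it started for its own target and returns its control table.
local function run_instance(get_state, host, workers)
  local st = get_state(host)
  st.threads = st.threads + workers
  return st
end

-- Constructed sample targets (documentation address range).
local a = { ip = "192.0.2.10" }
local b = { ip = "192.0.2.20" }

-- Shared key: B's workers are counted against A, and B's stop flag stops A.
local sa = run_instance(shared_state, a, 3)
local sb = run_instance(shared_state, b, 5)
sb.done = true
assert(sa == sb and sa.threads == 8 and sa.done == true)
print("shared key   ", a.ip, sa.threads, sa.done)

-- Per-host key: each instance sees only its own counter and stop flag.
local pa = run_instance(per_host_state, a, 3)
local pb = run_instance(per_host_state, b, 5)
pb.done = true
assert(pa ~= pb and pa.threads == 3 and pa.done == false)
print("per-host key ", a.ip, pa.threads, pa.done)
```

Per-host keying isolates the entries but still routes thread control through a global table; state held in a variable local to the script's action function, as the reply prefers, avoids the registry entirely.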

