From: Martin Egholm Nielsen
Subject: Re: [Jessie-discuss] Handshake timeout - preventing DoS
Date: Thu, 10 Nov 2005 13:44:37 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050319
Trying to make my webserver (more) robust against DoS (Denial of Service), I've noticed that one can easily make Jessie "occupy" and block during handshaking. This can obviously be done by telnet'ing the server on the used port, and then just do anything with that telnet connection... So in order to prevent this hanging there forever, flooding the server with open connections, it would be nice if it was possible to set a timeout value for the handshake.
Now, thinking of timeouts, I reckon it would be clever if there is also a timeout on the attempt to "close()" the connection gracefully. That is, RecordInput's pollClose() should only try to read the remainder of a record:

    boolean pollClose () throws IOException {
      if (fragment == null || index >= fragment.length) {
        try {
          readRecord();
          ...

...for so long. Because if the handshake has been initiated but not completed, and the server decides the socket should be closed (due to timeout), the attempt at closing will block the closer-thread.
// Martin
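
The two timeouts asked for above can be sketched from the caller's side; this is an added example, not code from the original message or from Jessie, and it uses only the standard javax.net.ssl API. The port, the timeout values, the pool size and the class name are assumptions, and the default SSLSocketFactory is assumed to be configured with server key material.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.*;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HandshakeDeadlineServer {
    static final int PORT = 8443;                  // assumed value
    static final int READ_TIMEOUT_MS = 2000;       // assumed: bound on each blocking read
    static final int HANDSHAKE_DEADLINE_MS = 5000; // assumed: bound on the whole handshake
    static final ScheduledExecutorService WATCHDOG = Executors.newSingleThreadScheduledExecutor();
    static final ExecutorService WORKERS = Executors.newFixedThreadPool(32); // bounded worker count

    public static void main(String[] args) throws IOException {
        SSLSocketFactory tls = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (ServerSocket listener = new ServerSocket(PORT)) {
            while (true) {
                Socket raw = listener.accept();    // plain TCP accept, no TLS yet
                WORKERS.execute(() -> serve(tls, raw));
            }
        }
    }

    static void serve(SSLSocketFactory tls, Socket raw) {
        // The watchdog closes the TCP socket itself, so tearing down a stalled
        // peer never goes through a TLS-level close that might read and block.
        ScheduledFuture<?> kill = WATCHDOG.schedule(() -> closeQuietly(raw),
                HANDSHAKE_DEADLINE_MS, TimeUnit.MILLISECONDS);
        try {
            raw.setSoTimeout(READ_TIMEOUT_MS);     // a silent peer fails the next read
            SSLSocket ssl = (SSLSocket) tls.createSocket(
                    raw, raw.getInetAddress().getHostAddress(), raw.getPort(), false);
            ssl.setUseClientMode(false);           // act as the server side
            ssl.startHandshake();                  // throws on read timeout or watchdog close
            kill.cancel(false);                    // handshake finished in time
            // ... application I/O on ssl goes here ...
            ssl.close();                           // graceful close; reads still bounded by SO_TIMEOUT
        } catch (IOException e) {
            // read timeout, deadline hit, reset, or handshake failure: drop the connection
        } finally {
            kill.cancel(false);
            closeQuietly(raw);                     // autoClose=false above, so close TCP here
        }
    }

    static void closeQuietly(Socket s) {
        try { s.close(); } catch (IOException ignored) { }
    }
}
```

SO_TIMEOUT alone only bounds each individual read, so a peer that sends one byte at a time could still hold a worker; the watchdog deadline bounds the handshake as a whole.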