[Full-Disclosure] Re: Clarification on Xitami DoS

From: Muhammad Faisal Rauf Danka (full-disclosure@lists.netsys.com)
Date: 08/05/02 

From: full-disclosure@lists.netsys.com (Muhammad Faisal Rauf Danka)
Date: Sun, 4 Aug 2002 16:45:13 -0700 (PDT)

It could be an error in Xitami's dynamic-store allocation logic that causes it to fail to reclaim the discarded memory per connection ?

Call for Memory Leak Detection Tools
http://www.cs.colorado.edu/homes/zorn/public_html/MallocDebug.html

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

--- "Matthew Murphy" <mattmurphy@kc.rr.com> wrote:
>>What is vendor's status regarding this issue?
>
>I've e-mailed the vendor, but have received no response *at all*.
>
>>It is good we found the real cause of DoS effect in Xitami.
>>Because, the maxedout values seem to work quiet fine, the problem is
>>Keep-Alive Connection handling.
>
>Yes, I originally thought it was a connection flood because numbers
>started jumping and then Xitami crashed almost immediately. However,
>I was actually seeing the effects of my flood combined with numerous
>other connections that had "hung open".
>
>>I don't know how did you actually find out when it has dropped a
>>particular connection
>
>Well, I didn't find out when it was dropping connections, just that
>it *wasn't* dropping any. My WinME box btw required an
>extremely high number of connections to crash (I believe the number
>was over 450), so production machines will require significantly
>more connections -- it seems to be a bug-induced resource exhaustion.
>
>>as in the duration of Keep-Alive affected and
>>it's connection dropping time and whether it matches the value in
>configurations? after how long ?
>>I tried netstat -an frequently by making requests from different hosts on
>my network, but same results as i told you before.
>
>I'm still a bit hazy on exactly *where* in the keep-alive handling that
>Xitami is buggy -- I'm beginning to think that it is not actually related
>to an open connection, and instead just a bad resource cleanup on
>the server end.

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag

Relevant Pages

  • [Full-Disclosure] Re: Clarification on Xitami DoS
    ... >It is good we found the real cause of DoS effect in Xitami. ... I originally thought it was a connection flood because numbers ... it *wasn't* dropping any. ... more connections -- it seems to be a bug-induced resource exhaustion. ...
    (Full-Disclosure)
  • Re: Clarification on Xitami DoS
    ... >It is good we found the real cause of DoS effect in Xitami. ... I originally thought it was a connection flood because numbers ... it *wasn't* dropping any. ... more connections -- it seems to be a bug-induced resource exhaustion. ...
    (Vuln-Dev)
  • Re: do people realy fall for this crap?(note my reply at the top of the email)
    ... and keeps dropping the connection. ... broadband keeps dropping out, are extremely ironic. ... same with radio coverage. ...
    (uk.people.support.depression)
  • Re: 2.6.12 Performance problems
    ... Dropping packets is always ... > network connection while listening to music ... the audio stream is not depending ...
    (Linux-Kernel)
  • Re: Access Project Connection Problem
    ... - The network link keeps dropping, at which Access will hault transactions ... makes modifications to the database references that are not backwards ... dropping immediately upon opening the project. ... connection, the connection will succeed. ...
    (comp.databases.ms-access)
Quantcast