Re: Xitami Connection Flood Server Termination Vulnerability

[<mattmurphy () kc rr com>]

In-Reply-To: <20020803013725.DEF393953 () sitemail everyone net>

> Although i tried it using a perl script flooding the GET requests in a
> loop, instead of using browser quickie, but yeah i had the maximum 
> number of concurrent sessions value set quiet low, as it was 100 only.

A little correction on the connection setting.  My config was reset during maintenence, and was actually set at 
*infinite* connections, but Xitami ceased to respond at about 11 connections on my box.  The denial of service 
condition appears to be an overloaded piece of code in a library/core module.  It appears to be max-ed out when Xitami 
stops checking for new session requests.  However, what puzzles me is *why* the service is halting checks when it has 
no connection limit set.