Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Patrick Donnelly <batrick () batbytes com>
Date: Sat, 11 Jun 2011 21:28:32 -0400
On Fri, Jun 10, 2011 at 6:12 AM, Henri Doreau <henri.doreau () greenbone net> wrote:
- removed variable "count" in doHalfHTTP. Maybe I'm just missing something but I can't see why not simply operating on the "Threads" variable. And don't we have a race condition here? """ local count = Threads -- Threads is shared between all threads count = count + 1 Threads = count -- Threads might have changed and its value would then be overwritten there? """ I am not entirely sure as NSE threads aren't real native threads. Could someone review the accesses to shared variables?
Currently, the only time there is a "context switch" between script threads is when call one of these functions: (a) stdnse.sleep (b) function returned by nmap.mutex(...) (c) function returned by nmap.condvar(...) (d) any socket function As said in the documentation, script threads are not operating system threads. They are coroutines. There is no memory synchronization concerns ever. The reason the mutex/condition variable mechanisms exist is to allow you to control and manage script threads. For example, the first usage of the mutexes were to serialize access to a remote whois service to prevent overloading the service. -- - Patrick Donnelly _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Ange Gutek (Jun 03)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Jun 10)
- Message not available
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Jun 10)
- Message not available
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrick Donnelly (Jun 11)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Jun 12)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Jun 12)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Jun 17)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Jun 10)
- <Possible follow-ups>
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Ron (Jun 17)