-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/13/2012 06:08 PM, Daniel Kahn Gillmor wrote:
> It appears that SKS 1.1.1's hkp interface is vulnerable to an ugly DoS attack
> by a client holding open a network connection without completing an HTTP
> request.

Sounds just like the kind of vulnerability that was present in most http
services during the slowloris era. I'm pretty sure the same tools can be used
to attack sks's hkp interface.

If you could share your nginx configuration, others will probably adapt it to
lighttpd, apache...

I know, it's not big science, but to get the ball rolling :)

Buanzo.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAk9l8u4ACgkQAlpOsGhXcE1Q7QCfZwzyx2iaQRV6BfAlZ+/bqrvC
bZYAn2ts+FpnwkPC0l8/t7J4asMNVbYF
=r67R
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
