From: Casey Marshall <address@hidden>
Date: November 10, 2005 8:50:21 PM PST
To: Martin Egholm Nielsen <address@hidden>
Cc: Jessie <address@hidden>
Subject: Re: [Jessie-discuss] Handshake timeout - preventing DoS

On Nov 10, 2005, at 1:41 AM, Martin Egholm Nielsen wrote:

> Hi Casey,
>
> Trying to make my webserver (more) robust against DoS (Denial of
> Service), I've noticed that one can easily make Jessie "occupy"
> and block during handshaking. This can obviously be done by
> telnet'ing the server on the used port, and then just do anything
> with that telnet connection...
>
> So in order to prevent this hanging there forever, flooding the
> server with open connections, it would be nice if it was possible to
> set a timeout value for the handshake.
>
> And now you say, why not just use "setSoTimeout()" from your
> application before reading anything from the socket. But that
> timeout value will then have influence on the rest of the
> "read"'ing that initiated the handshake...

Aha, yes, but you can also register a HandshakeCompletedListener
with the socket that resets the socket timeout to your "normal"
read timeout when the handshake is finished.

Having Jessie do this for you (probably through a security
property) is still a good idea, though; if I did implement this it
would probably use socket timeouts, anyway.
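
The approach described in the reply above, written against the standard javax.net.ssl API as an added example (not part of the original message and not Jessie's own code). The class name, port, timeout values and the serve() handler are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.SocketException;
import javax.net.ssl.*;

public class HandshakeTimeoutServer {
    // Assumed values for illustration; tune for the deployment.
    static final int HANDSHAKE_TIMEOUT_MS = 5000;
    static final int READ_TIMEOUT_MS = 60000;

    static void handle(final SSLSocket socket) {
        try {
            // Short timeout applies to every blocking read made during the handshake.
            socket.setSoTimeout(HANDSHAKE_TIMEOUT_MS);
            socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                public void handshakeCompleted(HandshakeCompletedEvent event) {
                    try {
                        // Handshake done: restore the "normal" read timeout.
                        event.getSocket().setSoTimeout(READ_TIMEOUT_MS);
                    } catch (SocketException e) {
                        // Socket was closed in the meantime; nothing to restore.
                    }
                }
            });
            // Force the handshake now so it runs under the short timeout.
            socket.startHandshake();
            serve(socket);
        } catch (IOException e) {
            // A silent or stalled peer ends up here when the handshake read times out.
        } finally {
            try { socket.close(); } catch (IOException ignored) { }
        }
    }

    // Hypothetical application handler: echoes one byte back to the client.
    static void serve(SSLSocket socket) throws IOException {
        int b = socket.getInputStream().read();
        if (b >= 0) socket.getOutputStream().write(b);
    }

    public static void main(String[] args) throws IOException {
        // Assumes a keystore is configured via the javax.net.ssl.keyStore system properties.
        SSLServerSocket server = (SSLServerSocket)
                SSLServerSocketFactory.getDefault().createServerSocket(8443);
        while (true) {
            final SSLSocket socket = (SSLSocket) server.accept();
            // One thread per connection so a stalled handshake never blocks accept().
            new Thread(new Runnable() {
                public void run() { handle(socket); }
            }).start();
        }
    }
}
```

Some JSSE implementations notify handshake listeners on a separate thread, so the first application read may still run under the short timeout. Resetting the timeout directly after startHandshake() returns avoids that ordering dependency.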