Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Henri Doreau <henri.doreau () greenbone net>
Date: Sat, 30 Apr 2011 15:42:52 +0200

2011/4/30 Patrik Karlsson <patrik () cqure net>:

There is a limit on the number of open sockets that NSE can have (currently 20)

Just wanted to mention that this value can be changed on the command
line with --max-parallelism.

I read the script and it seems that it cannot handle several targets
because it relies upon the nmap registry to control the threads. The
registry is shared between instances, hence producing undesired
behavior here. A solution can be to use an IP field for each host to
distinguish the entries (like nmap.registry[host.ip]['slowloris']
instead of nmap.registry['slowloris'] for instance). Nevertheless I am
not sure that the nmap registry is well suited to achieve such
inter-thread communications.


Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]