Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 30 Apr 2011 16:29:21 +0200

On Apr 30, 2011, at 3:42 PM, Henri Doreau wrote:

2011/4/30 Patrik Karlsson <patrik () cqure net>:

There is a limit on the number of open sockets that NSE can have (currently 20)

Just wanted to mention that this value can be changed on the command
line with --max-parallelism.

Good point.

I read the script and it seems that it cannot handle several targets
because it relies upon the nmap registry to control the threads. The
registry is shared between instances, hence producing undesired
behavior here. A solution can be to use an IP field for each host to
distinguish the entries (like nmap.registry[host.ip]['slowloris']
instead of nmap.registry['slowloris'] for instance). Nevertheless I am
not sure that the nmap registry is well suited to achieve such
inter-thread communications.

I agree that this is a problem and I think it's better to avoid using the registry for inter-thread communication.
In some of the cases it's not very clear to me why the information is passed through the registry instead of using a 
However, I must admit I've just briefly looked at the script.

While there aren't a lot of scripts making use of threads, there are a few. Have a look at them for inspiration and 
guidance in how to do threaded work in NSE.
For example for counting running threads at a given time you could have a look at the threadCount function in brute.lua.


Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]