subject:"\[Dailydave\] SMBLoris"

Re: [Dailydave] SMBLoris

2017-08-10 Thread Bob Auger

TLDR: Sockets/connections can always be exhausted at the app level based on the hardware, configuration, and design. 1. Discuss loris. 2. Hype the media on #1 3. Discuss that DOS is still bad (no debate) 4. Inform users of configuration/rate limiting opportunities/hardware/fault tolerance design

Re: [Dailydave] SMBLoris

2017-08-08 Thread Konrads Smelkovs

Mostly due to BCP. Guys that do construction can probably live without a domain controller for a bit -- Konrads Smelkovs Applied IT sorcery. On 8 August 2017 at 19:27, Dave Aitel wrote: > So I know it's Microsoft Tuesday, but we've been working on that SMBLoris > bug a

Re: [Dailydave] SMBLoris

2017-08-08 Thread Oliver Friedrichs

c.com" <dailydave@lists.immunityinc.com> Subject: [Dailydave] SMBLoris So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a bit more for release to customers as well, and as part of that, we're spending a lot of time thinking about it, as deceptively simple as it is.

[Dailydave] SMBLoris

2017-08-08 Thread Dave Aitel

So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a bit more for release to customers as well, and as part of that, we're spending a lot of time thinking about it, as deceptively simple as it is. The thing I'm wondering is why people outside of FinancialSec think DoS