TLDR: Sockets/connections can always be exhausted at the app level based on
the hardware, configuration, and design.
1. Discuss loris.
2. Hype the media on #1
3. Discuss that DOS is still bad (no debate)
4. Inform users of configuration/rate limiting opportunities/hardware/fault
tolerance design
Mostly due to BCP. Guys that do construction can probably live without a
domain controller for a bit
--
Konrads Smelkovs
Applied IT sorcery.
On 8 August 2017 at 19:27, Dave Aitel wrote:
> So I know it's Microsoft Tuesday, but we've been working on that SMBLoris
> bug a
c.com" <dailydave@lists.immunityinc.com>
Subject: [Dailydave] SMBLoris
So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a
bit more for release to customers as well, and as part of that, we're spending
a lot of time thinking about it, as deceptively simple as it is.
So I know it's Microsoft Tuesday, but we've been working on that SMBLoris
bug a bit more for release to customers as well, and as part of that, we're
spending a lot of time thinking about it, as deceptively simple as it is.
The thing I'm wondering is why people outside of FinancialSec think DoS