Closed GoogleCodeExporter closed 9 years ago
Firstly, the project is open source; nothing would prevent a malicious party
from
simply removing this check.
Secondly, using a scanner with the intent to launch a denial-of-service attack
is an
odd move. There are far more efficient and simpler tools you can use if your
only goal
is to overload the server (even Apache benchmarking tool is probably more
dangerous).
Original comment by lcam...@gmail.com
on 21 Mar 2010 at 5:35
What about some decent defaults to -m -g -d -c -r parameter?
Original comment by res...@googlemail.com
on 21 Mar 2010 at 6:11
What's not decent about the defaults, specifically? -m is capped at 10, which
seems
rather sensible (with keep-alive hosts in particular). You also can't run the
scanner
until you actually look at the documentation and jump through some hops
(picking a
dictionary, specifying -o).
DoS defenses should really be implemented on server side; and if this tool is
causing
you trouble, you probably have a significant problem anyway.
Original comment by lcam...@gmail.com
on 21 Mar 2010 at 8:45
Original issue reported on code.google.com by
res...@googlemail.com
on 21 Mar 2010 at 5:05