fuzzing-bug discovery - Denial of Service attack resolved using timeout

ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

0 stars 0 forks source link

fuzzing-bug discovery - Denial of Service attack resolved using timeout #121

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago


Through fuzzing figured that if the SSL client doesn't send anything to daemon 
in 30 seconds (Heartbeat), then it doesn't time out.

Filing a bug.

Discovered through fuzzing around with aeProxy,

ravi.

Original issue reported on code.google.com by ravt...@gmail.com on 30 Nov 2012 at 1:29

GoogleCodeExporter commented 8 years ago

If the SSL client is not active for 45 seconds, then the connection will get 
dropped,
ravi.

r995

Original comment by ravt...@gmail.com on 1 Dec 2012 at 2:34

Changed title: fuzzing-bug discovery - Denial of Service attack resolved using timeout
Changed state: Fixed

GoogleCodeExporter commented 8 years ago

Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24

Changed state: Verified