sks-devel

Re: [Sks-devel] simple DoS against SKS's HKP interface :/


From: John Clizbe
Subject: Re: [Sks-devel] simple DoS against SKS's HKP interface :/
Date: Sun, 18 Mar 2012 20:46:14 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.20pre) Gecko/20110606 Mnenhy/0.8.5 SeaMonkey/2.0.15pre

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

Daniel Kahn Gillmor wrote:
> Hey SKS folks--
> 
> It appears that SKS 1.1.1's hkp interface is vulnerable to an ugly DoS
> attack by a client holding open a network connection without completing
> an HTTP request.
> 
<snip>
> 
> ---
> 
> I'd be very happy to learn that i'm wrong about all of this, or that my
> sks instance is somehow misconfigured.  Please let me know if that's the
> case!

The default setting for wserver_timeout is 180 seconds.
Does setting it to a lower value in sksconf help?

- -John

- -- 
John P. Clizbe                      Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

                   Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-Release-2012-01-12 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33† ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----


