Mailing Lists: Apple Mailing Lists


RE: DSS possible denial-of-service vulnerability



hey,

Basically, this looks like a variation of the TCP SYN attack.
I guess you'd need some check in the application (or a firewall in front
of the server) to keep track of the initiated-but-not-yet-serving
connections and keep these within a reasonable limit.

Mait

-----Original Message-----
From: streaming-server-users-bounces+mait.mandel=email@hidden
[mailto:streaming-server-users-bounces+mait.mandel=email@hidden] On Behalf Of Ian Steele
Sent: Tuesday, October 10, 2006 9:07 PM
To: email@hidden
Subject: DSS possible denial-of-service vulnerability

I seem to have found a way to jam up DSS very easily...

I have an application I have written that lets me audition via rtsp
.mp4 audio only movies on my DSS server. This is simple and
works very well.

However....

I found that if I repeatedly click the same file name, I can open lots
of connections to DSS. This results in one genuine connection that
tries to play, and several 'stale' ones that will eventually time out
after 2 minutes.
The point is, I can keep clicking till I reach the user-limit, and
then DSS will not let other users connect. In fact, it jams up even if
there are only a few stale connections 'running'.

Perhaps someone else can see if they can duplicate this, as it
would seem to be a major problem.

I'm running DSS 5.53 under OS X 10.47. I have not modified it in
any way.

regards,
Ian.

Ian Steele, Senior Engineer, National Film & TV School, UK.




 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Streaming-server-users mailing list
(email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/streaming-server-users/mait.mande
email@hidden

This email sent to email@hidden
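
Added example, not part of either message and not DSS code: a sketch of the check suggested in the reply, tracking connections that have been opened but are not yet streaming and capping them per client and overall. The class and method names are hypothetical, the caps and the 15-second limit are assumed values, and the client addresses are constructed.

```python
import time

class PendingSessionLimiter:
    """Caps sessions that have connected but have not started streaming."""

    def __init__(self, per_client=3, total=50, stale_after=15.0,
                 clock=time.monotonic):
        self.per_client = per_client    # assumed cap per client address
        self.total = total              # assumed cap across all clients
        self.stale_after = stale_after  # assumed seconds a session may stay pending
        self.clock = clock
        self.pending = {}               # session id -> (client, time opened)

    def expire(self):
        """Forget pending sessions that are too old and return their ids.

        A server would call this on a timer and close the returned sessions.
        """
        now = self.clock()
        old = [s for s, (_, t) in self.pending.items()
               if now - t >= self.stale_after]
        for sid in old:
            del self.pending[sid]
        return old

    def admit(self, sid, client):
        """Return True if a new connection may be accepted as pending."""
        mine = sum(1 for c, _ in self.pending.values() if c == client)
        if mine >= self.per_client or len(self.pending) >= self.total:
            return False
        self.pending[sid] = (client, self.clock())
        return True

    def started_playing(self, sid):
        """Session began streaming; it no longer counts as pending."""
        return self.pending.pop(sid, None) is not None

def demo():
    # Constructed scenario: one client clicks the same file ten times.
    now = [0.0]
    lim = PendingSessionLimiter(clock=lambda: now[0])
    clicks = [lim.admit(f"s{i}", "192.0.2.10") for i in range(10)]
    other = lim.admit("t0", "192.0.2.20")    # a different user still gets in
    lim.started_playing("s0")                # the genuine connection plays
    retry = lim.admit("s10", "192.0.2.10")   # which frees one pending slot
    now[0] = 20.0                            # the stale ones age out
    return clicks.count(True), other, retry, sorted(lim.expire())

if __name__ == "__main__":
    print(demo())
```

Sessions that reach playback leave the pending set, so the existing user limit still governs real streams while repeated clicks from one address stop consuming slots.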

References: 
 >DSS possible denial-of-service vulnerability (From: Ian Steele <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.