Re: maximum data over link

From: Bart Vanherck <herckb pandora be>
To: Bowie Owens <bowie owens csiro au>
Cc: orbit-list <orbit-list gnome org>
Subject: Re: maximum data over link
Date: Mon, 27 Sep 2004 10:05:04 +0200

On Mon, 2004-09-27 at 03:31, Bowie Owens wrote:

> As I understand it, the purpose of GIOP_INITIAL_MSG_SIZE_LIMIT is to 
> prevent a DOS attack from consuming memory on a server via large invalid 
> messages. The first time a server receives a valid message it is 
> supposed to record that the client is legit and ignore the size of the 
> messages from then on. So you can send a short "hello" message to the 
> server and then after that send messages of any size. A while ago ORBit 
> was always applying the size limit. I don't know if it still does this 
> as I ended up working around the problem using the command line argument:
> 
> --ORBInitialMsgLimit=4000000000
I did some tests with this and I saw that after first sending an hello 
message, and afterwards retrieving a huge buffer does not work. The 
command line argument does work. 
However I have a little question. This GIOP_INITIAL_MSG_SIZE_LIMIT is 
for me at the "client" side that is preventing to receive a large
buffer. And so I did set the argument for the client only. How does this
prevent a possible DOS ? I did not have to set this argument at the
server side.


regards,

Bart

Follow-Ups:
- Re: maximum data over link
  - From: Bowie Owens

References:
- maximum data over link
  - From: Bart Vanherck
- Re: maximum data over link
  - From: Bowie Owens

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]