Questions tagged [denial-of-service]

Denial-of-service (or DoS) is an intentional attack on a machine or resource, aiming to make it unavailable to its intended users, often by overloading it with artificially crafted requests.

89 votes
10 answers
60k views

How to enable DDoS protection?

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most ...
41 votes
6 answers
20k views

Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)

It is said that instead of adding all domains to CORS, one should only add a set of domains. Yet it is sometimes not trivial to add a set of domains. E.g. if I want to publicly expose an API then for ...
25 votes
3 answers
3k views

Denial of Service - http proxy - React

I am pretty sure that this error appeared only today and it never occurred before. When I create a new react app, the process found 1 high vulnerability: High: Denial of Service ...
24 votes
8 answers
48k views

Most Robust way of reading a file or stream using Java (to prevent DoS attacks)

Currently I have the below code for reading an InputStream. I am storing the whole file into a StringBuilder variable and processing this string afterwards. public static String ...
21 votes
4 answers
9k views

Protect yourself against Dos attacks

This might be something more suited for Serverfault, but many web developers who come only here will probably benefit from possible answers to this question. The question is: How do you effectively ...
19 votes
1 answer
14k views

Can I use AWS route 53 and Cloudflare at the same time?

Currently, I am using Route53 to manage my domains, subdomains etc. But I want to add DDoS protection to my endpoints. So I want to use Cloudflare also. But I couldn't find a way to use two of them at ...
18 votes
3 answers
13k views

Best practices for detecting DOS (denial of service) attacks? [closed]

I am looking for best practices for detecting and preventing DOS in the service implementation (not external network monitoring). The service handles queries for user, group and attribute information. ...
17 votes
3 answers
10k views

Best practices for preventing Denial of Service Attack in Django [closed]

What are the best practices in Django to detect and prevent DoS attacks... Are there any ready to use apps or middleware available which prevents website access and scan through bots?
13 votes
1 answer
651 views

Denial of Service attack on Parse.com app

I'm writing a small web application as I'm learning to use the features of Parse.com. Since application_id and javascript_key are both public (as explained in the doc), it means anyone is free to run ...
12 votes
2 answers
3k views

How can I use PHP's various XML libraries to get DOM-like functionality and avoid DoS vulnerabilities, like Billion Laughs or Quadratic Blowup?

I'm writing a web application that has an XML API in PHP, and I'm worried about three specific vulnerabilities, all related to inline DOCTYPE definitions: local file inclusion, quadratic entity blowup,...
11 votes
1 answer
1k views

How was the hash collision issue in ASP.NET fixed (MS11-100)? [closed]

As reported by Slashdot, MS issued an update to ASP.NET to fix the hash collision attack today. (Listed as "Collisions in HashTable May Cause DoS Vulnerability - CVE-2011-3414" on the linked Technet ...
10 votes
3 answers
3k views

Does Windows Azure have anything readily available against denial of service attacks?

We're developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn't find anything new and definitive (this one is rather vague) about ...
10 votes
1 answer
4k views

nodejs server against DOS attacks [closed]

I'm in the process of writing a highly scalable browser based web chat server using nodejs. The concept involved is simple - first it checks browser for websocket support. If not supported or ...
9 votes
5 answers
1k views

Which kind of webapps can realistically be affected by the floating bug?

There's an easy way to totally lock a lot of JVM: class runhang { public static void main(String[] args) { System.out.println("Test:"); double d = Double.parseDouble("2.2250738585072012e-308"); ...
8 votes
3 answers
414 views

How to protect an OpenID consumer against abuse?

I am considering OpenID as a login method for my PHP application, but there is one thing that prevents me from continuing: how can I protect an OpenID consumer against abuse? An example of abusing ...
8 votes
1 answer
502 views

How can I protect my Meteor server from an infinite loop on the client?

I've run into a situation where an infinite loop on the client is crashing the Meteor server. The infinite loop is a bug that I will fix, and not the subject of this question. My concern is that a ...
7 votes
3 answers
394 views

jdk.serialFilter is not working for restricting depth of TreeMap in Java (prevent DoS attack through Java)

How to prevent DoS attack through Java TreeMap? My code has an API which accepts a Map object. Now I want to prevent client to send Map objects of certain length. Now maxarray in jdk.serialFilter is ...
7 votes
5 answers
353 views

Reliably stopping an unresponsive thread

I'm wondering how to stop an unresponsive thread in Java, such that it's really dead. First of all, I'm well aware of Thread.stop() being deprecated and why it should not be used; there are already ...
7 votes
3 answers
328 views

Server friendly slowban. Possible?

How is it possible to implement a slowban that will not be a tool for DoS to our site? The problem is that a deliberate delay in serving an http response will keep server resources busy (web server ...
7 votes
0 answers
1k views

Azure Web app vulnerable to HTTP Slow Post attack

We have a web app that is being hosted on Azure and have run Qualys security scans against it that tell us that it is vulnerable to an HTTP Slow Post attack. The analysis from Qualys tells us that it ...
6 votes
6 answers
4k views

How to detect inbound HTTP requests sent anonymously via Tor?

I'm developing a website and am sensitive to people screen scraping my data. I'm not worried about scraping one or two pages -- I'm more concerned about someone scraping thousands of pages as the ...
6 votes
1 answer
398 views

MongoDB ReDOS test

I was reading about ReDOS. https://en.wikipedia.org/wiki/ReDoS It seems if you run this code in Node.js: console.time('aaa'); /^(a+)+$/.test('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!') console.timeEnd('aaa');...
6 votes
1 answer
133 views

Why is CVE-2021-33623 vulnerable to ReDoS?

CVE-2021-33623 states that the following code (fixed in this commit, which includes test cases) has issues related to ReDoS: trimNewlines.end = string => string.replace(/[\r\n]+$/, ''); But why ...
5 votes
2 answers
7k views

Blocking IP addresses, preventing DoS attacks

So this is more of a general question on the best practice of preventing DoS attacks, I'm just trying to get a grasp on how most people handle malicious requests from the same IP address which is the ...
5 votes
5 answers
3k views

How to Avoid DOS Attack using Berkeley Sockets in C++

I'm working my way through UNIX Network Programming Volume 1 by Richard Stevens and attempting to write a TCP Echo Client that uses the Telnet protocol. I'm still in the early stages and attempting ...
5 votes
3 answers
3k views

ASP.NET Web application prevent denial of service attacks

What tools or techniques can I use to protect my ASP.NET web application from Denial Of Service attacks
5 votes
5 answers
965 views

'Forgot Password' throttling

I have a 'forgot password' system set up that sends an email with a reset link to the user. My question is: How can I prevent abuse of this system? How can I make sure that people don't use this to ...
5 votes
3 answers
1k views

Can't Access Plesk Admin Because Of DOS Attack, Block IP Address Through SSH?

I can't access Plesk Admin because of DOS attack; can I block a hostname or IP address through SSH? If so, how would I be able to do this? Thank you!
5 votes
3 answers
4k views

Servlet filters for abuse prevention? (DoS, spam, etc)

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would help ...
5 votes
2 answers
938 views

TripleDESCryptoServiceProvider - vulnerable to Denial of Service?

We have a legacy ASP.NET site which uses the encryption methods here: http://www.codekeep.net/snippets/af1cd375-059a-4175-93d7-25eea2c5c660.aspx When we call the following method, the page loads ...
5 votes
1 answer
1k views

Request queue in Play framework

I have recently faced a problem with request queue in Play framework. When server is overloaded and is unable to handle request on time requests are put in the queue. Even if requester disconnects ...
5 votes
2 answers
588 views

how to protect Webservice against Denial of Service attack?

What can I do to protect Web service/ WebBroker application against Denial of Service attack? The attack causes IIS to create huge amount of webbroker instances at the same moment of time. the ...
4 votes
2 answers
5k views

smurf attack using C#

I am currently developing an application for my Networks Security project, which involves launching of smurf attack using C#. Smurf attack includes that you send a packet to any server (let's say yahoo,...
4 votes
1 answer
8k views

How to Prevent Dos attack for BufferedReader readLine() method in Java?

I have situation where I am using BufferedReader readLine() to read data from a socket, but readline() reads data until it finds new line character/ return carriage in the Data. And if my data does ...
3 votes
5 answers
2k views

Protect against a DoS attack without a CAPTCHA

I'd love to know a good way to protect against DoS attacks on my email and contact forms. I have a "Share with a Friend" function which opens up a form I've created, but I'd rather not put in a ...
3 votes
4 answers
2k views

Denial of Service - how to prevent this

I keep getting spam attempts from a single IP address at a time (though this single IP address changes daily) trying to lucky-guess executable files on my web server. They all trace back to the same ...
3 votes
1 answer
596 views

Secure UDP Socket Programming

What are good programming practices in regards to blocking DoS attacks on a UDP client/server? The only thing that comes to mind at the moment is ignoring packets with the wrong sources, as such (...
3 votes
3 answers
4k views

PHP: Opening URLs concurrently to simulate a DOS attack?

I have configured my server with various anti-DOS modules (mod_qos, mod_evasive etc). What I want to do now is run a simple PHP scrip that calls URLs on my site multiple times, in order to reach the ...
3 votes
3 answers
513 views

SYN Denial Of Service attack

This may be a trivial question. This is regarding Syn Cookie. Why only half open connections are only considered as DOS attack. It may be possible that a client completes the handshake (SYN, SYN-ACK,...
3 votes
4 answers
1k views

Decorating a HashMap adding randomness to prevent (D)DoS

EDIT by the way the point of the workaround here is to reuse all the existing HashMap (like the ConcurrentHashMap etc.) instead of re-inventing entirely the wheel. Languages using randomized hash ...
3 votes
2 answers
1k views

DOS protection in rails

It seems most people advise going with some sort of hardware solution in load balancers for DOS attacks. I notice if you try to do a curl on any major/semi-major website you get a 301. For someone ...
3 votes
2 answers
2k views

How to prevent large file upload from server side

I am looking to prevent my application from DoS attacks of the type resource consumption. It means an attacker can consume the server resources such as memory & disc capacity by uploading large ...
3 votes
2 answers
332 views

Security question: excessive Drupal requests from a single user account [closed]

I've noticed some strange behaviour on my Drupal site. I like to understand the data I'm looking at before I take action so that I don't waste time pursuing the wrong measures, but I'm lacking security ...
3 votes
1 answer
441 views

Best practice for protecting against Denial of Service(DoS) attacks in ASP.NET Core

I'm looking for best practice advice/guidance (perhaps from Microsoft?) regarding denial of service (DoS) protection/mitigation for ASP.NET Core web applications. The main two options I have found so ...
3 votes
1 answer
585 views

Is Azure active directory vulnerable to DoS or DDOS attacks

If I add Azure AD to a cloud architecture do I still need to add a WAF to protect against DOS/DDOS specifically? If attacks can’t get past authentication being the premises of the question.
3 votes
0 answers
664 views

Mobile App Web Service Security

I am building an android app which consumes a soap web service that I have hosted on my server. I will have client apps for other mobile OS also in the near future. There are a few concerns with the ...
3 votes
0 answers
606 views

LimitRequestBody not preventing large upload

I am having a problem with the LimitRequestBody directive. Although it will return a 413 error for a file that exceeds the limit (the standard "413 Request Entity Too Large" page), it doesn't appear ...
2 votes
2 answers
342 views

Stop users from locking up crashing Linux machine using simple C code

Is there a way to prevent users from locking up a linux machine with code something along the lines of: #import <stdio.h> int main (int argc, char** argv) { while (1) fork(); } The ...
2 votes
2 answers
2k views

Undetectable DoS attack with an invalid IP [closed]

In Security+ book, it has been told that DoS attack can be undetectable and an attacker can use an invalid IP address. What did it mean by Invalid IP address? Is it a zombie IP? How can we face with ...
2 votes
3 answers
20k views

how to know if snort detects syn flood attacks since snort alert is not logging any thing

I have snort running on Centos as IDS. I am trying to test if snort can detect the syn flood attack. I am sending the attack from the same LAN network. I added this rule in local.rules alert tcp !$...