Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Avoiding Denial of Service attack

Tags:

c++

c

windows

sockets

when I use recv from windows sockets does using recv can lead to denial of service attack ? If it waits for data forever? So what is the best way for solving this (alarms ?)

Thanks & Regards,

Mousey.

like image 341
mousey Avatar asked Aug 09 '10 01:08

mousey

3 Answers

You seem to mis-understand what denial of service means. An example would be a large number of HTTP requests to a single web-server arriving at such a rate that the web-server software becomes so busy it cannot accept new TCP connections. Wikipedia has a decent article on DoS, read it.

recv(2) is just an API. Misuse of it, as any other bug, can lead to issues, including DoS. But that does not mean you should avoid it. If your problem is blocking other sockets while waiting on a read, look into non-blocking sockets and I/O multiplexing as in select(2), poll(2), and epoll(4).

like image 111
Nikolai Fetissov Avatar answered Sep 28 '22 17:09

Nikolai Fetissov

Yes, recv() can block indefinitely. You need to implement some sort of time out.

I would recommend using the boost asio library. It includes things like timers that work seamlessly with socket connections and receive events. Just setup an asynchronous socket, add a timer, and break if the time runs out.

This still doesn't make you immune to DoS attacks, as a flood of requests could still come in during the timeout window. But if might help if you set the timeout quite low.

like image 30
Inverse Avatar answered Sep 28 '22 18:09

Inverse

If you are using Blocking sockets look into adjusting the send() and recv() timeouts with the SO_SNDTIMEO and SO_RCVTIMEO setsockopt() options.

There are lots of little complexities in creating a proper server, I would look into acquiring by begging, borrowing or stealing this one. Here is a sample multithreaded socket server.

Also if you have control over both sides (The client and server socket software) I would create a protocol that has the length of the message to be passed in as the first 2 or 4 bytes of the message, that way you just have to block for that decode the number and keep reading until the number of bytes as elapsed. Do that for both the client and the server and it will make your code a lot simpler.

like image 27
Romain Hippeau Avatar answered Sep 28 '22 17:09

Romain Hippeau
Sign in to Comment

Related questions

throwing an exception causes segmentation fault
Comparison of performance between Scala etc. and C/C++/Fortran?
ITERATOR LIST CORRUPTED in std::string constructor
can i use multiple PCH files in 1 project?
C++ include .h includes .cpp with same name as well?
C++ interpreter conceptual problem
boost.asio's socket's receive/send functions are bad?
Fast read of certain bytes of multiple files in C/C++
How to set input focus to a shown dialog in Qt?
"Temporary object" warning - is it me or the compiler?
What is the rationale for difference between -> and . in c/c++? [duplicate]
Is it possible to use Boehm garbage collector only for the part of the program?
How to evaluate MathML expressions? [closed]
How to build a VS2010 C++ Project on a BuildServer
Interrupt sleep() function
What permissions does a file written with fstream have?
Flash memory data format [duplicate]
How do I HTML-/ URL-Encode a std::wstring containing Unicode characters?
How to allocate a memory with execute permissions?
Using templates to manage glUniform functions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!