paros22 / skipfish

Automatically exported from code.google.com/p/skipfish

DoS attack possible #13

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
It is highly demanded to implement a DoS (denial of service) blocker.

The easiest way should be to ask about a simple key file like "http://example.com/skipfish_[sha_digest_hex].html".

Original issue reported on code.google.com by res...@googlemail.com on 21 Mar 2010 at 5:05
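The check the reporter proposes, written out as an added example (not part of skipfish or of this thread): the scanner derives a per-host token and refuses to start unless the target serves it at `http://host/skipfish_<hex>.html`. The function names, the HMAC-based token derivation, the engagement secret and the injectable `fetch` callback are assumptions made here for illustration.

```python
import hashlib
import hmac
from typing import Callable, Optional
from urllib.parse import urlsplit
from urllib.request import urlopen

# Hypothetical names; nothing here is skipfish's own code.
SCANNER_TAG = "skipfish"


def ownership_token(target_url: str, secret: str) -> str:
    """Hex digest the site owner must publish, bound to the target host.

    HMAC over the lowercased hostname keyed by a per-engagement secret, so
    a token handed out for one host cannot be reused for another.
    """
    host = (urlsplit(target_url).hostname or "").lower()
    return hmac.new(secret.encode(), host.encode(), hashlib.sha256).hexdigest()


def key_file_url(target_url: str, secret: str) -> str:
    """Location of the key file in the layout the issue suggests."""
    parts = urlsplit(target_url)
    token = ownership_token(target_url, secret)
    return f"{parts.scheme}://{parts.netloc}/{SCANNER_TAG}_{token}.html"


def default_fetch(url: str) -> Optional[bytes]:
    """Fetch up to 64 KiB of the key file; None on any error or non-200."""
    try:
        with urlopen(url, timeout=10) as resp:  # assumed: plain GET is enough
            return resp.read(65536) if resp.status == 200 else None
    except (OSError, ValueError):
        return None


def verify_ownership(target_url: str, secret: str,
                     fetch: Callable[[str], Optional[bytes]] = default_fetch) -> bool:
    """True only if the key file is served and its body contains the token.

    The scan should be refused when this returns False. The fetch callback
    is injectable so the check can be exercised offline in tests.
    """
    token = ownership_token(target_url, secret).encode()
    body = fetch(key_file_url(target_url, secret))
    return body is not None and token in body
```

Because the token is just a file the owner publishes, a wrong or missing file blocks the scan without the scanner ever sending more than one request to the target.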

GoogleCodeExporter commented 9 years ago
Firstly, the project is open source; nothing would prevent a malicious party from simply removing this check.

Secondly, using a scanner with the intent to launch a denial-of-service attack is an odd move. There are far more efficient and simpler tools you can use if your only goal is to overload the server (even Apache benchmarking tool is probably more dangerous).

Original comment by lcam...@gmail.com on 21 Mar 2010 at 5:35

GoogleCodeExporter commented 9 years ago
What about some decent defaults to -m -g -d -c -r parameter?

Original comment by res...@googlemail.com on 21 Mar 2010 at 6:11

GoogleCodeExporter commented 9 years ago
What's not decent about the defaults, specifically? -m is capped at 10, which seems rather sensible (with keep-alive hosts in particular). You also can't run the scanner until you actually look at the documentation and jump through some hoops (picking a dictionary, specifying -o).

DoS defenses should really be implemented on server side; and if this tool is causing you trouble, you probably have a significant problem anyway.

Original comment by lcam...@gmail.com on 21 Mar 2010 at 8:45