You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is highly demanded, to implement an dos(denial of service) blocker.
The easiest way should be, to ask about a simple key file
like "http://example.com/skipfish_[sha_digest_hex].html"
Original issue reported on code.google.com by res...@googlemail.com on 21 Mar 2010 at 5:05
The text was updated successfully, but these errors were encountered:
Firstly, the project is open source; nothing would prevent a malicious party
from
simply removing this check.
Secondly, using a scanner with the intent to launch a denial-of-service attack
is an
odd move. There are far more efficient and simpler tools you can use if your
only goal
is to overload the server (even Apache benchmarking tool is probably more
dangerous).
Original comment by lcam...@gmail.com on 21 Mar 2010 at 5:35
What's not decent about the defaults, specifically? -m is capped at 10, which
seems
rather sensible (with keep-alive hosts in particular). You also can't run the
scanner
until you actually look at the documentation and jump through some hops
(picking a
dictionary, specifying -o).
DoS defenses should really be implemented on server side; and if this tool is
causing
you trouble, you probably have a significant problem anyway.
Original comment by lcam...@gmail.com on 21 Mar 2010 at 8:45
Original issue reported on code.google.com by
res...@googlemail.com
on 21 Mar 2010 at 5:05The text was updated successfully, but these errors were encountered: