23 Oct
2011
23 Oct
'11
10:52 p.m.
Slowloris causes problems with any scarce resource -- threads in a pool, as you mentioned, but a bigger problem for us is running out of file descriptors. If the client is allowed to hold connections open for long enough, an attacker should be able to run the server out of file descriptors using only a handful of machines.
Yes. We need to keep this in our mind: "A chain is no stronger than its weakest link." --Kazu