SoftEther VPN User Forum

SoftEther VPN User Forum
https://forum.vpngate.net/

Vulnerability scan show slowloris vulnerability

https://forum.vpngate.net/viewtopic.php?f=7&t=64080

Page 1 of 1

Vulnerability scan show slowloris vulnerability

Posted: Mon Apr 08, 2019 5:06 pm
by clebourgeois
How is everyone else handling things like slowloris? I would assume it be more of an http request timeout to handle the incomplete HTTP requests but I am having a problem deciphering which setting, if any, would mitigate the attack.

Instead of trying several settings related to connection timeouts I thought you may know the easy answer.

Re: Vulnerability scan show slowloris vulnerability

Posted: Mon Apr 08, 2019 5:52 pm
by clebourgeois
Also to specify, the CVE is:

https://nvd.nist.gov/vuln/detail/CVE-2017-7670

Re: Vulnerability scan show slowloris vulnerability

Posted: Mon Apr 08, 2019 5:59 pm
by clebourgeois
Some settings I was planning on playing with.

uint MaxConnectionsPerIP
uint MaxUnestablishedConnections
uint max_sessions
uint max_sessions_client

Re: Vulnerability scan show slowloris vulnerability

Posted: Wed Apr 10, 2019 2:14 pm
by clebourgeois
155 views and no ideas?

Re: Vulnerability scan show slowloris vulnerability

Posted: Tue Jun 04, 2019 9:39 am
by cedar
MaxConnectionsPerIP doesn't work?
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/