On 2013/02/07 2:02, trans (Thomas Sawyer) wrote:
>
> Issue #7791 has been updated by trans (Thomas Sawyer).
>
>
> @resenfeld After the exception is raised, you can still create symbols. The point is, now you know something's up and you need to deal with it. So once raised the idea is that you'd report the error (log and redirect user) and then shut down the process, effectively clearing the memory.
>
> Admittedly I am thinking more in terms of short-running processes. If you are using a long-running process to serve many user requests then maybe that's not as ideal here. But the basic idea remains. Handle the error and shut down. Your server should spin up a new process to take its place on demand. Added bonus, you can log the request IP, maybe if it happens a few times from the same address, you block it.

Here's an idea for a little improvement. Make it possible to increase 
the overall number of symbols. Symbol-creating DoS attacks would then be 
caught as above, get logged/sent a "stop it" page,..., blocked, 
whatever, but the exception catching code would increase the limit so 
the process could continue to run with other threads.

That assumes that you have a pretty good idea of the amount of symbols 
your application creates without attacks, and that that number is 
stable, and not too big (e.g. 5000 or 10000 or so as in a previous mail 
in this thread).

It also assumes that symbols get created up-front, when the application 
is created, and not as a result of running a benign thread. That may be 
somewhat difficult to do (but not impossible).

That way, you could e.g. detect a DoS attack per 1000 symbols, which 
means that you can absorb quite a few DoS attacks per 1G of memory. Of 
course, if I were you, I'd probably restart processes that suffered such 
a DoS attack sooner rather than later, just in case, but that would be a 
separate decision.

Regards,   Martin.
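
The scheme proposed in this message, emulated at application level as an added example (not part of the original mail, and not a feature Ruby provides): a limit set at boot-time baseline plus a step, raised again each time it trips so other threads keep running. `SymbolBudget`, `SymbolLimitExceeded`, `guard` and the parameter names are hypothetical; the counter is injectable so the behaviour can be checked deterministically.

```ruby
# Added illustration: application-level emulation of a raisable symbol limit.
# SymbolBudget, SymbolLimitExceeded and every parameter name are hypothetical;
# Ruby itself has no such limit. Symbol.all_symbols is the only real API used.
class SymbolLimitExceeded < StandardError
  attr_reader :count

  def initialize(count, limit)
    @count = count
    super("symbol count #{count} exceeds limit #{limit}")
  end
end

class SymbolBudget
  attr_reader :limit

  # counter: callable returning the process-wide symbol count.
  def initialize(step: 1000, block_after: 3,
                 counter: -> { Symbol.all_symbols.size })
    @counter = counter
    @step = step
    @block_after = block_after
    @limit = counter.call + step # baseline taken after boot, plus headroom
    @trips = Hash.new(0)         # source address => number of limit trips
    @lock = Mutex.new
  end

  def blocked?(ip)
    @lock.synchronize { @trips[ip] >= @block_after }
  end

  # Runs one request. Returns :ok, :rejected (limit tripped) or :blocked.
  # The request that trips the check is the one blamed; with several threads
  # that is an approximation.
  def guard(ip)
    return :blocked if blocked?(ip)
    yield
    count = @counter.call
    raise SymbolLimitExceeded.new(count, @limit) if count > @limit
    :ok
  rescue SymbolLimitExceeded => e
    @lock.synchronize do
      @trips[ip] += 1
      @limit = e.count + @step # raise the limit so other threads keep running
    end
    warn "symbol limit tripped by #{ip}: #{e.message}"
    :rejected
  end
end
```

Create the budget only after the application has finished loading, so that the baseline already contains the symbols the application itself needs.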