[issue13891] CPU DoS With Python's socket module
New submission from John Zimmerman : Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does not correctly handle and exclude malformed UDP packets. This means that UDP listening programs written in python on this version are susceptible to malformed-UDP-packet based DoS attacks which cause severe CPU spikes in the python process. The spikes to recover once the attacks cease. If malformed UDP packets are properly identified in the library and excluded this will protect all UDP listening software written in python and using the standard sockets module from similar attacks. Currently all such software is vulnerable to such attacks. -- components: Library (Lib) messages: 152103 nosy: johzimme priority: normal severity: normal status: open title: CPU DoS With Python's socket module type: security versions: Python 2.6 ___ Python tracker <http://bugs.python.org/issue13891> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13891] CPU DoS With Python's socket module
John Zimmerman added the comment: Thanks for your quick response, I downloaded the ISIC tool and used the following command to identify the problem: udpsic -s rand -d server-ip-address,port where port is 514 (syslogd) which uses a python script to process the incoming messages. The command 'netstat -lnup | grep 514' shows python as the bound application. Thanks, John -Original Message- From: Antoine Pitrou [mailto:rep...@bugs.python.org] Sent: Friday, January 27, 2012 12:47 PM To: John Zimmerman (johzimme) Subject: [issue13891] CPU DoS With Python's socket module Antoine Pitrou added the comment: What do you call "malformed UDP packets" and how should they be detected by the library? -- nosy: +pitrou ___ Python tracker <http://bugs.python.org/issue13891> ___ -- ___ Python tracker <http://bugs.python.org/issue13891> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13891] CPU DoS With Python's socket module
John Zimmerman added the comment: Hi Antoine, The issue is that the CPU spikes to ~90% utilization for the server during the attack, for as long as the attack lasts. So the theory is that Python isn't throttling or processing the malformed packets properly. Copying Renier for any additional info. Thanks, John -- ___ Python tracker <http://bugs.python.org/issue13891> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
