[Webkit-unassigned] [Bug 214293] New: [SOUP] Artificial delay to WebSocket connection to mitigate port scanning attacks

Mon Jul 13 21:59:24 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=214293

            Bug ID: 214293
           Summary: [SOUP] Artificial delay to WebSocket connection to
                    mitigate port scanning attacks
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lmoura at igalia.com
                CC: bugs-noreply at webkitgtk.org

r264306/bug213143 added an artificial delay to NetworkSocketStream when the failure to connect to a WebSocket was caused by a closed port.

Soup-based ports follow another path, with the connection failing in WebSocketTaskSoup.cpp with error SOUP_WEBSOCKET_ERROR_NOT_WEBSOCKET, not distinguishing the detail whether it was due to a closed port or not.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200714/4c148712/attachment.htm>