Question
We are running a network analyzer, and we log info from the HTTP request headers and the HTTP response code.
Because in a keep-alive connection requests may come without responses, I push requests to a queue and wait until the response. Because my customers also require the response code, I have to wait for the response header.
I have a length control before I push more requests to my queue: if there are 10000 requests waiting for a response from the client, I won't push request header info anymore.
Our product has been running for years on serious network traffic (10g/sec). Now at one of the customer sites I saw alarms about the maximum number of requests in the queue.
I am wondering if that could be an attack or something abnormal? Is there any known case of something like HTTP request spoofing?
Explanation / Answer
10000 outstanding requests in a single HTTP connection is certainly evidence that something has gone wrong. There are three likely possibilities here:
1. The server has partially crashed, such that it is accepting requests but no longer processing them.
2. The client is sending requests faster than the server can process them.
3. Something has changed in the server, and you are no longer able to identify the responses.
Any of these could be the result of an attack or of an ordinary malfunction; a deliberate design change is also a possibility. You'll need to investigate further to tell which is the case.
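One way an analyzer could turn the queue-full alarm into the three cases listed in the answer (an added example, not code from the question or the product; `ConnTracker`, its callback names and the 30-second stall threshold are assumptions):

```python
from collections import deque

MAX_PENDING = 10000   # queue cap stated in the question
STALL_SECS = 30.0     # assumed threshold: this long without a response counts as a stall

class ConnTracker:
    """Unanswered requests on one keep-alive connection (HTTP/1.1 replies arrive in order)."""

    def __init__(self, max_pending=MAX_PENDING):
        self.max_pending = max_pending
        self.pending = deque()      # (timestamp, request_info), oldest first
        self.last_response = None   # time of the last response that parsed
        self.unparsed = 0           # unrecognised server segments since that response
        self.dropped = 0            # requests not queued because the cap was reached

    def on_request(self, ts, info):
        if len(self.pending) >= self.max_pending:
            self.dropped += 1
            return self.diagnose(ts)    # cap reached: report a cause, not a bare alarm
        self.pending.append((ts, info))
        return None

    def on_response(self, ts, status):
        self.last_response, self.unparsed = ts, 0
        if not self.pending:
            return None                 # response with no queued request
        _, info = self.pending.popleft()
        return (info, status)           # the pair the analyzer logs

    def on_unparsed_server_data(self, ts):
        # Call when server data arrives where a status line was expected but none parsed.
        self.unparsed += 1

    def diagnose(self, now):
        if not self.pending:
            return None
        oldest = self.pending[0][0]
        last = oldest if self.last_response is None else self.last_response
        if self.unparsed:
            return "responses_unrecognized"     # answer's case 3
        if now - max(oldest, last) >= STALL_SECS:
            return "server_not_responding"      # answer's case 1
        return "client_outpacing_server"        # answer's case 2
```

The label only narrows where to look; as the answer says, each case can come from an attack or from an ordinary malfunction.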