 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Brian <belstsrv at nauticom dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Severe Problem with 1.2b1 HTTPS support
 Date:  Thu, 21 Oct 2004 18:30:19 +0200

On 21.10.2004 11:35 -0400, Brian wrote:

> Perhaps this is something that could be made into a parameter in
> m0n0?  I am not sure of the logic of the 16 limitation, but it
> seems logical that something like this could/should be able to be
> changed.
> Maybe someone on the dev team could respond?

It is unlikely that you should need more than 16 concurrent
connections to the captive portal's HTTP(S) daemon. That would
translate to several clients logging in every second (as the HTTP(S)
server is only needed twice per session) - not the kind of setup that
the captive portal (or m0n0wall in general) was made for. Removing
the limit makes you vulnerable to DoS attacks by memory exhaustion
that affect other parts of m0n0wall. The problem in this case doesn't
seem to be the limit per se, but the way it's implemented. I'm hoping
Dinesh Nair (who implemented the limit in the first place for the
webGUI) will get a chance to investigate this issue.

- Manuel