While stress-testing our ASP.NET app, we discovered a flaw in our test
set-up, which also reveals a flaw in our ASP.NET configuration that we do
not know how to address.
We simulated too many clients, making requests faster than the bandwidth on
that part of the network could consume the responses. It seems that the
inability of the requestors to receive their responses causes IIS, and/or
aspnet_wp.exe, to eventually max-out its threads and come to its knees.
We changed our unrealistic virtual client distribution and distributed our
load generation to other parts of the network. Our app then did fine.
But.it seems that configuring more response load on the network than the
bandwidth can handle is a type of denial of service attack against
IIS/ASP.NET. How can we configure IIS and/or ASP.NET to prevent this?
3  1854 
Jack Fox wrote: We simulated too many clients, making requests faster than the
bandwidth on that part of the network could consume the responses. It
seems that the inability of the requestors to receive their responses
causes IIS, and/or aspnet_wp.exe, to eventually max-out its threads
and come to its knees.
But.it seems that configuring more response load on the network than
the bandwidth can handle is a type of denial of service attack against
IIS/ASP.NET. How can we configure IIS and/or ASP.NET to prevent this?
It's hard to believe that you could have exceeded bandwidth limitations in
this scenario. It seems more likely that you stressed the box. However,
without some perfmon data, it's hard to say where you hosed yourself.
There are so many places where a performance problem can happen. If you're
in GC too much, you will see this kind of behavior. When we're in GC (or
when CPU reaches a certain threshold), new worker threads are not spun up to
handle requests. It's also possible that you might not have enough
completion port threads available. You also might not have enough worker
threads or too many worker threads.
Without details, it's impossible to say. However, there is a test you can
run. When you're bogged down, do HTML/ASP pages serve okay? If so, it's
likely something from paragraph 2. If not, something unrelated to ASP.NET
is going on.
--
Jim Cheshire
JIMCO Software http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
I should have mentioned the reason I know we exceeded the bandwidth is
because we were simulating 1,200 clients with 3 - 6 seconds between each
client request, requesting pages that are up to 100kb. If you do some back
of the envelope arithmetic you'll probably agree that all of that request
and response traffic to one machine connected through one 100mbs connection
will exceed the bandwidth.
When we distributed the client load over several machines so that we didn't
have the 100mbs bandwidth constraint, everything worked fine.
The point I'm trying to make is that by making requests that will generate
too much response traffic for the client network node, you are in effect
performing a denial of service attack on the IIS/ASP.NET server. We've
boosted our thread count before, and your suggestion of looking at the
completion port threads is probably worthwhile, but it seems that a
malicious client could still overwhelm the server because there is alway a
thread limit. Is there any way to short-circuit this kind of attack?
"JIMCO Software" <co*******@jimc osoftware.com> wrote in message
news:%2******** *******@TK2MSFT NGP15.phx.gbl.. . Jack Fox wrote: We simulated too many clients, making requests faster than the
bandwidth on that part of the network could consume the responses. It
seems that the inability of the requestors to receive their responses
causes IIS, and/or aspnet_wp.exe, to eventually max-out its threads
and come to its knees.
But.it seems that configuring more response load on the network than
the bandwidth can handle is a type of denial of service attack against
IIS/ASP.NET. How can we configure IIS and/or ASP.NET to prevent this?
It's hard to believe that you could have exceeded bandwidth limitations in
this scenario. It seems more likely that you stressed the box. However,
without some perfmon data, it's hard to say where you hosed yourself.
There are so many places where a performance problem can happen. If
you're in GC too much, you will see this kind of behavior. When we're in
GC (or when CPU reaches a certain threshold), new worker threads are not
spun up to handle requests. It's also possible that you might not have
enough completion port threads available. You also might not have enough
worker threads or too many worker threads.
Without details, it's impossible to say. However, there is a test you can
run. When you're bogged down, do HTML/ASP pages serve okay? If so, it's
likely something from paragraph 2. If not, something unrelated to ASP.NET
is going on.
--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
Jack Fox wrote: I should have mentioned the reason I know we exceeded the bandwidth is
because we were simulating 1,200 clients with 3 - 6 seconds between
each client request, requesting pages that are up to 100kb. If you do
some back of the envelope arithmetic you'll probably agree that all
of that request and response traffic to one machine connected through
one 100mbs connection will exceed the bandwidth.
When we distributed the client load over several machines so that we
didn't have the 100mbs bandwidth constraint, everything worked fine.
Jack,
What you are describing here would not cause a DoS.
As for increasing worker threads, I didn't suggest that you do that. You
would only do that if you have available CPU to process them and currently
have no requests queued. What I was suggesting is that you need to use
performance data (via Perfmon logs) to determine where your perf problem is.
It doesn't seem to me that you've done that.
--
Jim Cheshire
JIMCO Software http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003 This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: wireless |
last post by:
I've written code that dynamically builds an sql query based on
various constraint possibilities.
The problem is the code would have been very complex had I not come up
with a dummy constraint as a kind of place holder in the statement.
To avoid complex logic that determines if there was another constraint
before any other constraint and hence the need to add, say, AND or
not, I came up with a dummy constraint so that every subsequent...
|
by: Sudip Chakraborty |
last post by:
Is there a way to see constraint validation errors while loading xml into a
DataSet ? I'm interested in the line number in the xml file which is causing
the error. I've enclosed the relevant stack trace below.
at System.Data.DataSet.FailedEnableConstraints()
at System.Data.DataSet.EnableConstraints()
at System.Data.DataSet.set_EnforceConstraints(Boolean value)
|
by: yongsing |
last post by:
I have two tables as shown below (only relevant columns shown). The
second table is dependent on the first one.
CREATE TABLE PARENTTABLE (
...
SERIAL CHAR(12) NOT NULL,
ENDDATE TIMESTAMP NOT NULL,
PKLINK INTEGER GENERATED ALWAYS AS IDENTITY (START WITH -2147483648,
INCREMENT BY 1),
PRIMARY KEY (PKLINK),
|
by: Darius |
last post by:
I was having an issue inserting data into a table in an I-Series DB2
database. The Insert statement itself is very simple:
Insert into Table1
select * from Table2
These two tables have identical structures.
What happens is that the process gets locked and one cannot kill it
regardless of what one does. The only solution seems to be to IPL the
|
by: D. Dante Lorenso |
last post by:
I'm trying to build a table that will store a history of records
by enumerating the records. I want the newest record to always
be number ZERO, so I created a trigger on my table to handle the
assignment of version numbers:
CREATE TRIGGER "trg_audio_file_insert" BEFORE INSERT
ON "public"."audio_file" FOR EACH ROW
EXECUTE PROCEDURE "public"."trg_audio_file_insert"();
My trigger function looks like this...
| | |
by: Doug Laidlaw |
last post by:
I know that this thread is inappropriate for this list, but c.i.w.a.servers
is dead at my address.
Google has been around to my site twice this month and downloaded almost a
GB, putting me over my bandwidth limit both times I imagine that if I
wasn't paying a flat fee, that would be costing me money.
Is there a way of limiting this while at the same time allowing Google
reasonable indexing? I imagine that they are downloading the...
|
by: Steven Bethard |
last post by:
I'm trying to solve a constraint-satisfaction problem, and I'm having
some troubles framing my problem in such a way that it can be
efficiently solved.
Basically, I want to build groups of two teachers and four students such
that :
* Students are assigned to exactly one group
* Teachers are assigned to approximately the same number of groups
* Students are not in groups with their homeroom teachers
|
by: FrobinRobin |
last post by:
Hi,
I intend to use Ajax for a kiosk application, it's primary usage is to
retrieve live data from my DB, it's a fairly small amount of data (5
fields, of small data size and limited to 15 rows).
When I check my server logs I can see that the kiosk page has used a
fair amount of bandwidth this month, this is obviously because a
javascript timeout refreshes the data every 10 seconds. What I need to
know is how to calculate the...
|
by: rorajoey |
last post by:
Violation of UNIQUE KEY constraint 'IX_surveyQuestions'. Cannot insert duplicate key in object 'dbo.surveyQuestions'.
This might seem like a simple matter of trying to insert a row with ID=20 when there's already one with that ID, but the problem is a bit more complicated. The table is supposed to auto-increment the value for the primary key when a new record is inserted. But no matter what I do, I can't seem to insert more than one record...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
