When a 1.4 client rapidly tries authenticating itself
with a 1.5 client, CPU utilization is driven very high
(25-30% per connection on a 3000+ Athlon XP), resulting
in a DoS scenario.
Logged In: YES
user_id=573676
I was unable to reproduce this using 1.4b3 and 1.5b2. There
were short CPU spikes, but nothing major. I expect a
modified client that cycled the connections much faster, or
maybe over a LAN might produce the problem as described.
While some sync processing optimization may lessen the
problem somewhat, I expect it can't really be solved without
a max connects/second setting. I will add such a setting for
1.5 final.
Logged In: YES
user_id=945916
As I mentioned before, a possible cure for the future is to include version checking in the handshake, and produce an error and/or automatically fail to connect when there is an incompatible version attempting to connect (the newer version would know which older versions it was not compatible with, and automatically fail to connect to those versions. The older version which was denied a connection would either simply fail (if it did not yet have the version checking feature), or present a version mismatch error).
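A sketch of the two mitigations proposed in the comments above, a max connects/second setting and a version check in the handshake, combined into one accept-time gate. This is an added example, not the project's code; `AcceptGate`, `INCOMPATIBLE_VERSIONS`, `major_minor`, the version-string format and the treatment of a peer that sends no version are all assumptions.

```python
import re
import time
from collections import defaultdict, deque

# Assumption: release lines this build refuses to sync with (constructed value).
INCOMPATIBLE_VERSIONS = {"1.4"}


def major_minor(version):
    """Reduce a string such as '1.4b3' to its release line '1.4' (None if unparsable)."""
    match = re.match(r"(\d+\.\d+)", version or "")
    return match.group(1) if match else None


class AcceptGate:
    """Runs before any sync processing, so a rejected peer costs almost no CPU."""

    def __init__(self, max_connects_per_second=5, clock=time.monotonic):
        self.max_cps = max_connects_per_second
        self.clock = clock
        self.recent = defaultdict(deque)  # peer address -> recent attempt times

    def allow_connect(self, peer):
        """Sliding one-second window of admitted attempts per peer address."""
        now = self.clock()
        window = self.recent[peer]
        while window and now - window[0] >= 1.0:
            window.popleft()
        if len(window) >= self.max_cps:
            return False
        window.append(now)
        return True

    def check_handshake(self, peer, peer_version):
        """Return (accepted, reason). peer_version is None when the peer sent none."""
        # The rate check comes first, so version-rejected attempts also use up
        # the budget and a rapidly reconnecting old client is throttled.
        if not self.allow_connect(peer):
            return False, "rate limit exceeded"
        line = major_minor(peer_version)
        # Assumption: a peer that sends no parsable version predates the check.
        if line is None or line in INCOMPATIBLE_VERSIONS:
            return False, "version mismatch"
        return True, "ok"


if __name__ == "__main__":
    gate = AcceptGate(max_connects_per_second=2)
    for version in ("1.5b2", "1.4b3", "1.5b2"):  # constructed sample peers
        print(version, gate.check_handshake("192.0.2.10", version))
```
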
Logged In: YES
user_id=1066359
This is the same problem referred to in 999062. See there
for further detail.