We shouldn't let people DoS us via /sync (SYN-660) #1239

matrixbot · 2016-03-22T14:01:55Z

Submitted by @matthew:matrix.org
If people are hammering us too rapidly on /sync without a timeout or with too small a timeout, presumably we should insert an implicit timeout to slow them down. c.f. the current DoS from 93.92.200.183

(Imported from https://matrix.org/jira/browse/SYN-660)

richvdh · 2020-02-26T22:14:19Z

we also shouldn't let them DoS us via initial /sync.

See also #6998.

olmari · 2022-04-26T12:35:12Z

This can be abused very easily with request that one does not care answer for, just fire away... sent PoC on security email. In order of seconds to make our quite beefy HS to OOM...

matrixbot changed the title ~~We shouldn't let people DoS us via /sync (SYN-660)~~ We shouldn't let people DoS us via /sync (https://github.com/matrix-org/synapse/issues/1239) Nov 7, 2016

matrixbot changed the title ~~We shouldn't let people DoS us via /sync (https://github.com/matrix-org/synapse/issues/1239)~~ We shouldn't let people DoS us via /sync (SYN-660) Nov 7, 2016

richvdh mentioned this issue Jun 2, 2020

Apply limits to requested content from C-S APIs (SYN-204) #1258

Closed

dkasak added T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. A-Sync defects related to /sync labels Apr 26, 2022

matrixbot mentioned this issue Dec 21, 2023

We shouldn't let people DoS us via /sync (SYN-660) element-hq/synapse#1239

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

We shouldn't let people DoS us via /sync (SYN-660) #1239

We shouldn't let people DoS us via /sync (SYN-660) #1239

matrixbot commented Mar 22, 2016

richvdh commented Feb 26, 2020

olmari commented Apr 26, 2022

We shouldn't let people DoS us via /sync (SYN-660) #1239

We shouldn't let people DoS us via /sync (SYN-660) #1239

Comments

matrixbot commented Mar 22, 2016

richvdh commented Feb 26, 2020

olmari commented Apr 26, 2022