View Issue Details

ID: 0009570
Project: Compliance Test Tool (CTT) Unified Architecture
Category: 1 - Script Issue
View Status: public
Last Update: 2024-09-20 11:50
Reporter: Tim Fortin
Assigned To: Alexander Allmendinger
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 1.04.11-01.00.507
Summary: 0009570: MaxSecureChannels should not be reached with empty channels
Description

DOS Attack Tests: Security/Security None/Test Cases/006.js
In Step 1 of the test, CTT attempts to create all MaxSecureChannels simultaneously, expecting them all to succeed. However, for the last channel request, the server uses a recycled channel. This server behavior is expected according to the 1.04 Spec, but not by the CTT. This results in an error in Part 3 of this test.
According to spec (1.04, 10000-4 5.5.2.1):
"To protect against misbehaving Client and denial of service attacks, the Server shall close the oldest SecureChannel that has no Session assigned before reaching the maximum number of supported SecureChannels".

Example:

  • If MaxSecureChannels = 100, Part 1 of test will create 100 SecureChannels. According to the test, all channel requests succeed. However, the server will only create 99 because it recycled the oldest channel for the 100th channel request. DISCREPANCY.
  • Part 2 will create 10% more overload channels (10 more channels), expecting them all to use recycled channels and pass. PASS.
  • Part 3 will close all created channels, expecting the first 10 to fail. However, the first 11 fail. This is because the 10 overload requests recycled the first 10 channels (good) PLUS the very first recycled channel for MaxSecureChannel from Step 1. FAIL.
Tags: No tags attached.
Files Affected

Activities

Paul Hunkar

2024-09-20 11:50

administrator   ~0021765

The script should be able to handle either 10 or 11; both can be valid since the spec is not that clear.
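The discrepancy reported in this issue, reproduced as a small simulation (an added example, not code from the CTT or from 006.js). The names `simulate`, `recycleBeforeMax` and `closeFailuresAcceptable` are hypothetical, and the server is modelled as a simple queue in which no channel ever gets a Session; rounding the 10% overload up is also an assumption.

```javascript
// Constructed model of a server's SecureChannel table; not CTT or OPC UA stack code.
// No channel is ever assigned a Session, matching the test scenario in this issue.
function simulate(maxSecureChannels, overloadPercent, recycleBeforeMax) {
  const open = [];    // channel ids the server still holds, oldest first
  const issued = [];  // every channel id handed to the client
  let nextId = 1;

  // recycleBeforeMax = true : server evicts so the maximum is never reached
  //                           (the behaviour the reporter describes for the 1.04 spec).
  // recycleBeforeMax = false: server evicts only once the table is full
  //                           (what the test script expects).
  const limit = Math.max(1, recycleBeforeMax ? maxSecureChannels - 1 : maxSecureChannels);

  function openChannel() {
    while (open.length >= limit) open.shift(); // close oldest sessionless channel
    open.push(nextId);
    issued.push(nextId++);
  }

  // Part 1: request MaxSecureChannels channels.
  for (let i = 0; i < maxSecureChannels; i++) openChannel();
  const openAfterPart1 = open.length;

  // Part 2: request the overload channels (assumed rounded up).
  const overload = Math.ceil((maxSecureChannels * overloadPercent) / 100);
  for (let i = 0; i < overload; i++) openChannel();

  // Part 3: the client closes every channel it was given; a close fails
  // when the server has already recycled that channel.
  const stillOpen = new Set(open);
  const failedCloses = issued.filter((id) => !stillOpen.has(id));
  return { openAfterPart1, overload, failedCloses };
}

// Tolerant check along the lines of the note above: accept either count.
function closeFailuresAcceptable(failedCount, overload) {
  return failedCount === overload || failedCount === overload + 1;
}

for (const mode of [true, false]) {
  const r = simulate(100, 10, mode);
  console.log(`recycleBeforeMax=${mode}: open after Part 1=${r.openAfterPart1}, ` +
    `failed closes=${r.failedCloses.length}, ` +
    `acceptable=${closeFailuresAcceptable(r.failedCloses.length, r.overload)}`);
}
```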

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-31 13:52 | Tim Fortin | New Issue | |
| 2024-09-20 11:48 | Paul Hunkar | Assigned To | => Alexander Allmendinger |
| 2024-09-20 11:48 | Paul Hunkar | Status | new => assigned |
| 2024-09-20 11:50 | Paul Hunkar | Note Added: 0021765 | |