Hello,
I'm not very good at programming and am mostly self-taught; however, I noticed that creating many connections per IP is possible simply by executing io(); or a while(condition) io();. I'm not completely sure how socket.io works, but this is a potential security flaw.
Perhaps limiting the connections per IP is an option?
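
A sketch of the per-IP cap suggested above, as an added example that is not part of the original post and not socket.io's own code. `PerIpLimiter`, `limitConnections`, `handleSocket` and the cap of 5 are hypothetical names and values; the socket is assumed to expose `handshake.address`, `on('disconnect', fn)` and `disconnect(close)` as socket.io server sockets do.

```javascript
// Tracks live connections per client address and refuses new ones above a cap.
class PerIpLimiter {
  constructor(maxPerIp) {
    this.maxPerIp = maxPerIp;
    this.counts = new Map(); // ip -> number of live connections
  }
  // Reserve a slot for ip; returns false when the cap is already reached.
  acquire(ip) {
    const n = this.counts.get(ip) || 0;
    if (n >= this.maxPerIp) return false;
    this.counts.set(ip, n + 1);
    return true;
  }
  // Free a slot; drop the key at zero so the map does not grow without bound.
  release(ip) {
    const n = (this.counts.get(ip) || 0) - 1;
    if (n > 0) this.counts.set(ip, n);
    else this.counts.delete(ip);
  }
}

// Builds a 'connection' handler that enforces the cap before calling onAccepted.
// Behind a reverse proxy, handshake.address is the proxy's address, so the
// client IP would have to come from a header set by a proxy you trust.
function limitConnections(limiter, onAccepted) {
  return (socket) => {
    const ip = socket.handshake.address;
    if (!limiter.acquire(ip)) {
      socket.disconnect(true); // over the cap: close the transport as well
      return;
    }
    let released = false;
    socket.on('disconnect', () => {
      if (released) return; // release each slot exactly once
      released = true;
      limiter.release(ip);
    });
    onAccepted(socket);
  };
}

// Wiring on a server (io assumed to be a socket.io Server instance):
// io.on('connection', limitConnections(new PerIpLimiter(5), handleSocket));
```

A cap like this bounds concurrent sockets per address only; it does not limit how fast a client reconnects, which needs a separate rate limit.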