For 3 years without a fix, you'll have been able to DDOS your own server with socket.io: https://github.com/LearnBoost/socket.io/issues/438