diff --git a/proxy/vmess/vmessin.go b/proxy/vmess/vmessin.go
index ac142d99..c243cd39 100644
--- a/proxy/vmess/vmessin.go
+++ b/proxy/vmess/vmessin.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"net"
 	"strconv"
+  "time"
 
 	"github.com/v2ray/v2ray-core"
 	v2io "github.com/v2ray/v2ray-core/common/io"
@@ -14,6 +15,14 @@ import (
 	"github.com/v2ray/v2ray-core/proxy/vmess/protocol/user"
 )
 
+const (
+  requestReadTimeOut = 4 * time.Second
+)
+
+var (
+  zeroTime time.Time
+)
+
 type VMessInboundHandler struct {
 	vPoint    *core.Point
 	clients   user.UserSet
@@ -54,12 +63,16 @@ func (handler *VMessInboundHandler) HandleConnection(connection net.Conn) error
 
 	reader := protocol.NewVMessRequestReader(handler.clients)
 
+  // Timeout 4 seconds to prevent DoS attack
+  connection.SetReadDeadline(time.Now().Add(requestReadTimeOut))
 	request, err := reader.Read(connection)
 	if err != nil {
 		log.Warning("VMessIn: Invalid request from (%s): %v", connection.RemoteAddr().String(), err)
 		return err
 	}
 	log.Debug("VMessIn: Received request for %s", request.Address.String())
+  // Clear read timeout
+  connection.SetReadDeadline(zeroTime)
 
 	ray := handler.vPoint.NewInboundConnectionAccepted(request.Destination())
 	input := ray.InboundInput()