users@glassfish.java.net

glassfish DoS attack test - confirmed

From: Cam Bazz <cambazz_at_gmail.com>
Date: Sun, 7 Feb 2010 00:21:49 +0200

Hello,

Investigating why my glassfish v3 pauses, and following a previous
thread on this list, i have found that the slowaris.pl perl script,
does indeed bring glassfish v3 to its knees. It will not leave
anything in the access logs, nor the server logs, but it does cause
the same effect (glassfish pausing for certain period of times,
usually until these threads times out)

I have not verified the attack signature, which means that I dont know
if my glassfish is having problems because of an attack, but I have
run the exploit script againist my own server, and it generates the
same effect.

I also have made a simple program that just connects to a pingservlet,
which just prints new date, and the total connection time is measured
so I could study the problem methodically.

Best Regards,
-C.B.