users@glassfish.java.net

RE: glassfish DoS attack test - confirmed

From: <jcfolsom_at_pureperfect.com>
Date: Sat, 06 Feb 2010 16:42:59 -0700

It's probably a good idea to run Glassfish behind Apache with mod_evasive instead of on the public web.



-------- Original Message --------
Subject: glassfish DoS attack test - confirmed
From: Cam Bazz <cambazz@gmail.com>
Date: Sat, February 06, 2010 5:21 pm
To: users@glassfish.dev.java.net

Hello,

Investigating why my glassfish v3 pauses, and following a previous
thread on this list, I have found that the slowaris.pl perl script
does indeed bring glassfish v3 to its knees. It will not leave
anything in the access logs, nor the server logs, but it does cause
the same effect (glassfish pausing for certain periods of time,
usually until these threads time out).

I have not verified the attack signature, which means that I don't know
if my glassfish is having problems because of an attack, but I have
run the exploit script against my own server, and it generates the
same effect.

I also have made a simple program that just connects to a pingservlet,
which just prints new date, and the total connection time is measured
so I could study the problem methodically.

Best Regards,
-C.B.
