ah thank you jcfolsom... any documentation about this? best..
On Sun, Feb 7, 2010 at 1:42 AM, <jcfolsom_at_pureperfect.com> wrote:
>
> It's probably a good idea to run Glassfish behind Apache with mod_evasive
> instead of on the public web.
>
>
> -------- Original Message --------
> Subject: glassfish DoS attack test - confirmed
> From: Cam Bazz <cambazz_at_gmail.com>
> Date: Sat, February 06, 2010 5:21 pm
> To: users_at_glassfish.dev.java.net
>
> Hello,
>
> Investigating why my glassfish v3 pauses, and following a previous
> thread on this list, i have found that the slowaris.pl perl script,
> does indeed bring glassfish v3 to its knees. It will not leave
> anything in the access logs, nor the server logs, but it does cause
> the same effect (glassfish pausing for certain period of times,
> usually until these threads times out)
>
> I have not verified the attack signature, which means that I dont know
> if my glassfish is having problems because of an attack, but I have
> run the exploit script againist my own server, and it generates the
> same effect.
>
> I also have made a simple program that just connects to a pingservlet,
> which just prints new date, and the total connection time is measured
> so I could study the problem methodically.
>
> Best Regards,
> -C.B.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net For additional
> commands, e-mail: users-help_at_glassfish.dev.java.net