users@glassfish.java.net

RE: glassfish DoS attack test - confirmed

From: <jcfolsom_at_pureperfect.com>
Date: Sat, 06 Feb 2010 17:07:40 -0700

http://ubuntuforums.org/showthread.php?t=39328

http://weblogs.java.net/blog/2009/01/30/totd-67-how-front-end-glassfish-cluster-apache-modjk-mac-osx-leopard

http://httpd.apache.org/docs/1.3/mod/mod_proxy.html

http://www.zdziarski.com/projects/mod_evasive/

-------- Original Message --------
Subject: Re: glassfish DoS attack test - confirmed
From: Cam Bazz <cambazz@gmail.com>
Date: Sat, February 06, 2010 6:50 pm
To: users@glassfish.dev.java.net

ah thank you jcfolsom... any documentation about this? best..

On Sun, Feb 7, 2010 at 1:42 AM, <jcfolsom@pureperfect.com> wrote:
>
> It's probably a good idea to run Glassfish behind Apache with mod_evasive
> instead of on the public web.
>
>
> -------- Original Message --------
> Subject: glassfish DoS attack test - confirmed
> From: Cam Bazz <cambazz@gmail.com>
> Date: Sat, February 06, 2010 5:21 pm
> To: users@glassfish.dev.java.net
>
> Hello,
>
> Investigating why my glassfish v3 pauses, and following a previous
> thread on this list, i have found that the slowaris.pl perl script,
> does indeed bring glassfish v3 to its knees. It will not leave
> anything in the access logs, nor the server logs, but it does cause
> the same effect (glassfish pausing for certain period of times,
> usually until these threads times out)
>
> I have not verified the attack signature, which means that I dont know
> if my glassfish is having problems because of an attack, but I have
> run the exploit script againist my own server, and it generates the
> same effect.
>
> I also have made a simple program that just connects to a pingservlet,
> which just prints new date, and the total connection time is measured
> so I could study the problem methodically.
>
> Best Regards,
> -C.B.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net For additional
> commands, e-mail: users-help@glassfish.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.