users@glassfish.java.net

RE: glassfish DoS attack test - confirmed

From: <jcfolsom_at_pureperfect.com>
Date: Sat, 06 Feb 2010 18:13:49 -0700

mod_evasive is the only thing that I know of that is HTTP specific. Really though, DDoS is a network issue and not specific to even IP, let alone HTTP. I don't know enough about firewalls to help you out, though, but please keep us posted on what you find.



-------- Original Message --------
Subject: Re: glassfish DoS attack test - confirmed
From: Cam Bazz <cambazz@gmail.com>
Date: Sat, February 06, 2010 7:01 pm
To: users@glassfish.dev.java.net

Well, right when I was reading about mod_evasive, on
http://bahumbug.wordpress.com/2009/06/21/slowloris/ - someone
commented that mod_evasive was not able to defend against Slowloris.

Best.

On Sun, Feb 7, 2010 at 1:50 AM, Cam Bazz <cambazz@gmail.com> wrote:
> Ah, thank you jcfolsom... any documentation about this? Best..
>
> On Sun, Feb 7, 2010 at 1:42 AM,  <jcfolsom@pureperfect.com> wrote:
>>
>> It's probably a good idea to run Glassfish behind Apache with mod_evasive
>> instead of on the public web.
>>
>>
>> -------- Original Message --------
>> Subject: glassfish DoS attack test - confirmed
>> From: Cam Bazz <cambazz@gmail.com>
>> Date: Sat, February 06, 2010 5:21 pm
>> To: users@glassfish.dev.java.net
>>
>> Hello,
>>
>> Investigating why my glassfish v3 pauses, and following a previous
>> thread on this list, I have found that the slowaris.pl Perl script
>> does indeed bring glassfish v3 to its knees. It will not leave
>> anything in the access logs, nor the server logs, but it does cause
>> the same effect (glassfish pausing for certain periods of time,
>> usually until these threads time out).
>>
>> I have not verified the attack signature, which means that I don't know
>> if my glassfish is having problems because of an attack, but I have
>> run the exploit script against my own server, and it generates the
>> same effect.
>>
>> I also have made a simple program that just connects to a pingservlet,
>> which just prints new date, and the total connection time is measured
>> so I could study the problem methodically.
>>
>> Best Regards,
>> -C.B.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
>> For additional commands, e-mail: users-help@glassfish.dev.java.net
>

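Since the thread reports that nothing shows up in the access or server logs during the pauses, one place a defender can look instead is the socket table. The following is an added example, not code from anyone in this thread: it counts established connections per peer to the HTTP listener from `ss -tn` style output. The sample output is constructed, and the port (8080) and threshold are assumptions to tune for your own server.

```python
from collections import Counter

# Constructed sample of `ss -tn` output (documentation addresses, not real data).
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB      0      0      192.0.2.10:8080       198.51.100.7:51001
ESTAB      0      0      192.0.2.10:8080       198.51.100.7:51002
ESTAB      0      0      192.0.2.10:8080       198.51.100.7:51003
ESTAB      0      0      192.0.2.10:8080       198.51.100.7:51004
ESTAB      0      0      192.0.2.10:8080       198.51.100.7:51005
ESTAB      0      0      192.0.2.10:8080       203.0.113.5:40222
ESTAB      0      0      192.0.2.10:22         198.51.100.7:51999
TIME-WAIT  0      0      192.0.2.10:8080       203.0.113.5:40100
ESTAB      0      0      [2001:db8::10]:8080   [2001:db8::99]:60000
"""

def split_addr(field):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def established_per_peer(ss_output, server_port):
    """Count ESTAB connections to server_port, grouped by peer address."""
    counts = Counter()
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue  # header, blank line, or a non-established state
        try:
            _, local_port = split_addr(parts[3])
            peer, _ = split_addr(parts[4])
        except ValueError:
            continue  # malformed address field
        if local_port == server_port:
            counts[peer] += 1
    return counts

def suspicious_peers(ss_output, server_port=8080, threshold=4):
    """Peers holding at least `threshold` connections open at once (assumed limit)."""
    counts = established_per_peer(ss_output, server_port)
    return {peer: n for peer, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for peer, n in suspicious_peers(SAMPLE_SS).items():
        print(f"{peer} holds {n} established connections")
```

A proxy or NAT gateway can legitimately hold many connections from one address, so treat a hit as a prompt to look closer rather than as proof of an attack.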