users@glassfish.java.net

Re: glassfish DoS attack test - confirmed

From: Dhiru Pandey <Dhiru.Pandey_at_Sun.COM>
Date: Sun, 07 Feb 2010 00:11:56 -0800

In my tests on Mac OS, I too noticed GlassFish v3 pauses when running
the slowaris.pl script. I was running an infinite loop for wget on
http://localhost:8080 as a test.

I was able to reduce the pause times and frequency by reducing the
keep-alive timeout (30 seconds by default). You can do that by using the
admin console by traversing to the following node of the Tree (left pane) :
Network Config > Protocols > http-listener-1

and then changing the Timeout value in the HTTP tab to something smaller
than the default. I used 10 seconds. Restart the server after making the
change.

Though this may be able to close the malicious DoS attack connections,
it may have the unintended consequence of increasing the response
time for users if they cross the keep-alive timeout threshold in using
the application.

Cam Bazz wrote:
> Hello,
>
> Investigating why my glassfish v3 pauses, and following a previous
> thread on this list, I have found that the slowaris.pl perl script
> does indeed bring glassfish v3 to its knees. It will not leave
> anything in the access logs, nor the server logs, but it does cause
> the same effect (glassfish pausing for certain periods of time,
> usually until these threads time out).
>
> I have not verified the attack signature, which means that I don't know
> if my glassfish is having problems because of an attack, but I have
> run the exploit script against my own server, and it generates the
> same effect.
>
> I also have made a simple program that just connects to a pingservlet,
> which just prints the new date, and the total connection time is measured
> so I could study the problem methodically.
>
> Best Regards,
> -C.B.
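As an added example (not code from either poster), here is a small Python probe that does from the client side what the ping-servlet measurement in the thread does: open a fresh connection, send a minimal GET, and time how long the server takes to start answering, so that pauses that never reach the access or server logs still show up. It assumes the default GlassFish v3 listener on localhost:8080; the pause threshold of 2 seconds is a constructed choice.

```python
"""External connection-time probe for spotting server pauses."""
import socket
import time


def probe_once(host, port, path="/", timeout=5.0):
    """Return (elapsed_seconds, status_code) for one fresh connection.

    elapsed runs from connect() until the first response bytes arrive;
    status is None if the server refused or did not answer within timeout.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            request = (
                f"GET {path} HTTP/1.0\r\n"
                f"Host: {host}\r\n"
                "Connection: close\r\n\r\n"
            ).encode("ascii")
            sock.sendall(request)
            head = sock.recv(64)  # enough for the status line
    except OSError:  # refused, reset, or timed out (socket.timeout is an OSError)
        return time.monotonic() - start, None
    elapsed = time.monotonic() - start
    status = None
    parts = head.split(b" ", 2)
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        status = int(parts[1])
    return elapsed, status


def summarize(samples, pause_threshold=2.0):
    """Classify (elapsed, status) samples collected over a run.

    A sample counts as a pause if the server never answered (status None)
    or took longer than pause_threshold seconds to begin its reply.
    """
    pauses = [e for e, s in samples if s is None or e > pause_threshold]
    return {
        "total": len(samples),
        "pauses": len(pauses),
        "worst": max((e for e, _ in samples), default=0.0),
    }


if __name__ == "__main__":
    # Assumed target: the default GlassFish v3 HTTP listener.
    samples = [probe_once("localhost", 8080) for _ in range(20)]
    print(summarize(samples))
```

Run it in a loop while the server is under load and compare "pauses" against a quiet baseline; a rising count with no matching access-log entries is the pattern described in the thread.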