users@glassfish.java.net

Re: glassfish DoS attack test - confirmed

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Sun, 07 Feb 2010 12:46:02 +0100

Hi,

you can decrease the time GF waits for incoming connection data by setting
the upload timeout setting in domain.xml like [1].
For sure after decreasing this value you can forget about "telnetting"
to GF, but it should help with such kinds of DoS attacks.

WBR,
Alexey.

[1]
       <network-config>
         <protocols>
           <protocol name="http-listener-1">
                <http max-connections="0" default-virtual-server="server"
                      server-name="" upload-timeout-enabled="true"
                      connection-upload-timeout-millis="1000">

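As an added example (not from this thread and not GlassFish's own code): a Python audit that reads a domain.xml, reports each HTTP listener's upload-timeout attributes, and can stamp the two attributes from snippet [1] onto every listener. It assumes the element layout shown in [1] (protocol/http under network-config) and works on a constructed domain.xml excerpt; the 1000 ms bound is simply the value from the snippet.

```python
import xml.etree.ElementTree as ET

# Constructed domain.xml excerpt (not a real deployment): listener 1 has no upload-timeout
# attributes at all, listener 2 already carries the settings from snippet [1].
SAMPLE_DOMAIN_XML = """<domain><configs><config name="server-config">
  <network-config><protocols>
    <protocol name="http-listener-1">
      <http max-connections="0" default-virtual-server="server" server-name=""/>
    </protocol>
    <protocol name="http-listener-2">
      <http default-virtual-server="server" upload-timeout-enabled="true"
            connection-upload-timeout-millis="1000"/>
    </protocol>
  </protocols></network-config>
</config></configs></domain>"""

def _http_elements(root):
    """Yield (listener name, <http> element) for every <protocol> in the document."""
    for proto in root.iter("protocol"):
        http = proto.find("http")
        if http is not None:
            yield proto.get("name", "?"), http

def audit_upload_timeouts(xml_text, max_millis=1000):
    """Report each listener's upload-timeout settings. A listener passes only when
    upload-timeout-enabled="true" and connection-upload-timeout-millis <= max_millis.
    A missing attribute is reported as None and fails: the audit deliberately does not
    assume a server default, it wants the bound to be set explicitly."""
    findings = []
    for name, http in _http_elements(ET.fromstring(xml_text)):
        enabled = http.get("upload-timeout-enabled")
        raw = http.get("connection-upload-timeout-millis")
        millis = int(raw) if raw is not None and raw.isdigit() else None
        ok = enabled == "true" and millis is not None and millis <= max_millis
        findings.append({"listener": name, "enabled": enabled, "millis": millis, "ok": ok})
    return findings

def harden_upload_timeouts(xml_text, millis=1000):
    """Return the XML with the upload timeout enabled and bounded on every listener,
    i.e. the same two attributes snippet [1] sets on http-listener-1."""
    root = ET.fromstring(xml_text)
    for _name, http in _http_elements(root):
        http.set("upload-timeout-enabled", "true")
        http.set("connection-upload-timeout-millis", str(millis))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for finding in audit_upload_timeouts(SAMPLE_DOMAIN_XML):
        print(finding)
    print(audit_upload_timeouts(harden_upload_timeouts(SAMPLE_DOMAIN_XML)))
```

Run it against a copy of the real domain.xml and review the flagged listeners before writing anything back; the admin console or asadmin is the supported way to change a running domain.
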
On Feb 7, 2010, at 8:58 , Cam Bazz wrote:

> mod_jk and mod_evasive are now working perfectly with my glassfish v3.
> I found out that the new procedure described by jfarcand is much
> easier than the older mod_jk configs.
> Unfortunately, even though mod_evasive works (like after clicking
> refresh repetitively gets you a 403), slowsaris.pl still affects gf v3.
>
> best.
>
> On Sun, Feb 7, 2010 at 3:13 AM, <jcfolsom_at_pureperfect.com> wrote:
>>
>> mod_evasive is the only thing that I know of that is HTTP specific.
>> Really though, ddos is a network issue and not specific to even IP, let
>> alone HTTP.
>> I don't know enough about firewalls though to help you out, but
>> please keep us posted on what you find.
>>
>>
>> -------- Original Message --------
>> Subject: Re: glassfish DoS attack test - confirmed
>> From: Cam Bazz <cambazz_at_gmail.com>
>> Date: Sat, February 06, 2010 7:01 pm
>> To: users_at_glassfish.dev.java.net
>>
>> well, right when I was reading about mod_evasive, on
>> http://bahumbug.wordpress.com/2009/06/21/slowloris/, someone
>> commented that mod_evasive was not able to defend against slowaris
>>
>> Best.
>>
>> On Sun, Feb 7, 2010 at 1:50 AM, Cam Bazz <cambazz_at_gmail.com> wrote:
>>> ah thank you jcfolsom... any documentation about this? best..
>>>
>>> On Sun, Feb 7, 2010 at 1:42 AM, <jcfolsom_at_pureperfect.com> wrote:
>>>>
>>>> It's probably a good idea to run Glassfish behind Apache with
>>>> mod_evasive instead of on the public web.
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: glassfish DoS attack test - confirmed
>>>> From: Cam Bazz <cambazz_at_gmail.com>
>>>> Date: Sat, February 06, 2010 5:21 pm
>>>> To: users_at_glassfish.dev.java.net
>>>>
>>>> Hello,
>>>>
>>>> Investigating why my glassfish v3 pauses, and following a previous
>>>> thread on this list, I have found that the slowaris.pl perl script
>>>> does indeed bring glassfish v3 to its knees. It will not leave
>>>> anything in the access logs, nor the server logs, but it does cause
>>>> the same effect (glassfish pausing for certain periods of time,
>>>> usually until these threads time out).
>>>>
>>>> I have not verified the attack signature, which means that I don't know
>>>> if my glassfish is having problems because of an attack, but I have
>>>> run the exploit script against my own server, and it generates the
>>>> same effect.
>>>>
>>>> I also have made a simple program that just connects to a pingservlet,
>>>> which just prints new date, and the total connection time is measured
>>>> so I could study the problem methodically.
>>>>
>>>> Best Regards,
>>>> -C.B.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>
>