users@glassfish.java.net

Re: glassfish DoS attack test - confirmed

From: Cam Bazz <cambazz_at_gmail.com>
Date: Sun, 7 Feb 2010 20:39:01 +0200

Hello,

Decreasing the keepalive is a good idea, but slowloris does test for
keepalive timeout, and crafts packets accordingly.
I tried enabling upload-timeout-enabled from the admin console, but
it would kick it false as soon as you save it.

Also, there was a previous discussion on this list about

<http>
 <io-timeout>15</io-timeout>
 <request-header-timeout>5</request-header-timeout>
 <request-body-timeout>5</request-body-timeout>
</http>

protecting against these kinds of attacks, but that only worked in
Sun's App Server.

Best.

On Sun, Feb 7, 2010 at 6:00 PM, <jcfolsom_at_pureperfect.com> wrote:
>
> It seems like there should be something for apache that actually works to
> shut down denial of service attacks, that way it would work for every
> application server not just glassfish. If mod_evasive doesn't work, I guess
> I will have to write something that does.
>
>
> -------- Original Message --------
> Subject: Re: glassfish DoS attack test - confirmed
> From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
> Date: Sun, February 07, 2010 6:46 am
> To: users_at_glassfish.dev.java.net
>
> Hi,
> you can decrease the time GF waits for incoming connection data by setting
> the upload timeout setting in domain.xml like [1].
> For sure after decreasing this value you can forget about "telneting" to GF,
> but it should help with such kind of DoS attacks.
> WBR,
> Alexey.
> [1]
>       <network-config>
>         <protocols>
>           <protocol name="http-listener-1">
>             <http max-connections="0" default-virtual-server="server" server-name=""
>                   upload-timeout-enabled="true" connection-upload-timeout-millis="1000">
> On Feb 7, 2010, at 8:58, Cam Bazz wrote:
>
> mod_jk and mod_evasive are now working perfectly with my glassfish v3.
> I found out that the new procedure described by jfarcand is much
> easier than the older mod_jk configs.
> unfortunately, even though mod_evasive works (like after clicking
> refresh repetitively gets you a 403) slowloris.pl still affects gf v3.
>
> best.
>
> On Sun, Feb 7, 2010 at 3:13 AM,  <jcfolsom_at_pureperfect.com> wrote:
>
> mod_evasive is the only thing that I know of that is HTTP specific. Really
> though, ddos is a network issue and not specific to even IP let alone HTTP.
> I don't know enough about firewalls though to help you out, but please keep
> us posted on what you find.
>
>
> -------- Original Message --------
> Subject: Re: glassfish DoS attack test - confirmed
> From: Cam Bazz <cambazz_at_gmail.com>
> Date: Sat, February 06, 2010 7:01 pm
> To: users_at_glassfish.dev.java.net
>
> well, right when I was reading about mod_evasive, on
> http://bahumbug.wordpress.com/2009/06/21/slowloris/ - that someone
> commented that mod_evasive was not able to defend against slowloris
>
> Best.
>
> On Sun, Feb 7, 2010 at 1:50 AM, Cam Bazz <cambazz_at_gmail.com> wrote:
>
> ah thank you jcfolsom... any documentation about this? best..
>
> On Sun, Feb 7, 2010 at 1:42 AM,  <jcfolsom_at_pureperfect.com> wrote:
>
> It's probably a good idea to run Glassfish behind Apache with mod_evasive
> instead of on the public web.
>
>
> -------- Original Message --------
> Subject: glassfish DoS attack test - confirmed
> From: Cam Bazz <cambazz_at_gmail.com>
> Date: Sat, February 06, 2010 5:21 pm
> To: users_at_glassfish.dev.java.net
>
> Hello,
>
> Investigating why my glassfish v3 pauses, and following a previous
> thread on this list, I have found that the slowloris.pl perl script
> does indeed bring glassfish v3 to its knees. It will not leave
> anything in the access logs, nor the server logs, but it does cause
> the same effect (glassfish pausing for a certain period of time,
> usually until these threads time out).
>
> I have not verified the attack signature, which means that I don't know
> if my glassfish is having problems because of an attack, but I have
> run the exploit script against my own server, and it generates the
> same effect.
>
> I also have made a simple program that just connects to a pingservlet,
> which just prints a new date, and the total connection time is measured
> so I could study the problem methodically.
>
> Best Regards,
>
> -C.B.
>
>
> ---------------------------------------------------------------------
>
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
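Every remedy in the thread comes down to the same mechanism: a deadline on how long the server waits for a client to finish sending its request headers (the upload-timeout and request-header-timeout settings quoted above), so that a connection which trickles bytes but never completes a request is dropped instead of holding a worker thread until the keepalive expires. The Python script below is an added illustration, not code from the thread or from GlassFish: it shows that mechanism as a minimal listener, plus a single-connection check that reports how long a server tolerates an incomplete request before closing it. That check is what you would run after editing domain.xml to confirm the timeout actually took effect (Cam reports the admin console reverting the setting). The listener, port, timeout values and header names are constructed for the example.

```python
import socket
import threading
import time

# Example only (not code from the thread or from GlassFish): a minimal
# listener that enforces a total request-header deadline, the same idea as
# request-header-timeout / connection-upload-timeout-millis in domain.xml.


def _serve_one(conn, header_timeout):
    """Read request headers from one connection under an absolute deadline.
    A client that trickles bytes but never sends the blank line ending the
    headers is dropped when the deadline passes, regardless of how recently
    its last byte arrived (a per-read idle timeout alone would not do this)."""
    deadline = time.monotonic() + header_timeout
    buf = b""
    try:
        while b"\r\n\r\n" not in buf:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return False          # header deadline missed: drop the connection
            conn.settimeout(remaining)
            chunk = conn.recv(4096)
            if not chunk:
                return False          # client went away
            buf += chunk
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                     b"Connection: close\r\n\r\nok")
        return True
    except OSError:                   # includes socket.timeout
        return False
    finally:
        conn.close()


def start_header_timeout_server(header_timeout):
    """Listen on 127.0.0.1 on an ephemeral port; returns (listening_socket, port).
    Each accepted connection is handled by _serve_one on its own thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listening socket was closed
            threading.Thread(target=_serve_one, args=(conn, header_timeout),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def fetch_status_line(port):
    """Baseline: a complete request must still be served normally."""
    s = socket.create_connection(("127.0.0.1", port), timeout=5)
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
        return data.split(b"\r\n", 1)[0].decode()
    finally:
        s.close()


def seconds_until_dropped(port, trickle_interval=0.1, max_wait=10.0):
    """Verification check for the timeout setting: open ONE connection, send an
    incomplete request, keep it alive with one header line per trickle_interval
    and report how many seconds the server tolerates that before closing it.
    With the deadline in place this is roughly header_timeout; without it the
    check runs to max_wait, which is the misconfiguration you want to catch."""
    s = socket.create_connection(("127.0.0.1", port), timeout=trickle_interval)
    start = time.monotonic()
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n")
        while time.monotonic() - start < max_wait:
            try:
                if s.recv(1) == b"":
                    break             # orderly close (EOF) from the server
            except socket.timeout:
                pass                  # still open: send another header line
            except OSError:
                break                 # reset: server already dropped us
            try:
                s.sendall(b"X-a: b\r\n")
            except OSError:
                break
        return time.monotonic() - start
    finally:
        s.close()


if __name__ == "__main__":
    srv, port = start_header_timeout_server(header_timeout=0.5)
    print("complete request:", fetch_status_line(port))
    print("incomplete request dropped after %.2fs" % seconds_until_dropped(port))
    srv.close()
```

Point `seconds_until_dropped` at a real listener's port and compare the result with the value configured in domain.xml; a result that reaches `max_wait` means the setting did not take effect. The deadline in `_serve_one` is absolute rather than per read, which is the detail that matters: a timeout measured from the last byte received is reset by each trickled header line, exactly the behaviour Cam describes slowloris relying on.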