You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by "P. Taylor Goetz" <pt...@gmail.com> on 2013/12/12 21:52:32 UTC

Re: [storm-user] Nimbus goes out of memory

(adding dev@)

We should probably add a JIRA ticket for this. Probably fairly high priority since being able to DOS nimbus with ssh is kind of a big hole.

Cassandra had this issue and they were able to fix it: https://issues.apache.org/jira/browse/CASSANDRA-475

I’ll take a look at what they did and see if there is something we could do along those lines.

- Taylor


On Dec 12, 2013, at 3:41 PM, P. Taylor Goetz <pt...@gmail.com> wrote:

> What is the security scan doing?
> 
> Here is the thread I think you were referring to: https://groups.google.com/forum/#!searchin/storm-user/ssh/storm-user/TDdVOgYT9To/u3VBDVeMck4J
> 
> Is there a way to configure the scan to stay away from the nimbus host and thrift port?
> 
> - Taylor
> 
> 
> On Dec 12, 2013, at 3:16 PM, Kiran <nk...@gmail.com> wrote:
> 
>> Hi,
>> 
>>     I see that storm nimbus goes out memory during internal security scan. This renders any process monitors on our end ineffective. I had seen a earlier discussion which mentioned it was due to malformed request being sent on the thrift port.
>> 
>> Is there fix available for this, or is there a way to quit the JVM . I am using storm version : 0.8.3
>> 
>> For now i am planning to use -XX:OnOutOfMemoryError="kill -9 %p”. Has anyone already tried this out ?
>> 
>> Please advice.
>> 
>> Thanks.
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups "storm-user" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to storm-user+unsubscribe@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>

Re: [storm-user] Nimbus goes out of memory

Posted by "P. Taylor Goetz" <pt...@gmail.com>.

Kiran,

I found a fix for this and submitted a pull request: https://github.com/apache/incubator-storm/pull/3

It should be fixed in the 0.9.1 release.

- Taylor

On Dec 12, 2013, at 4:53 PM, Kiran <nk...@gmail.com> wrote:

> 
> Great! Thanks Taylor. Actually, I was referring to this thread
> 
> We cant provide much information about the process. But it basically involves sending some random packets to check for vulnerabilities. It would be a tough process to get the security group add exceptions..
> 
> Thanks,
> Kiran
> 
> On Thursday, December 12, 2013 12:52:32 PM UTC-8, P. Taylor Goetz wrote:
> (adding dev@)
> 
> We should probably add a JIRA ticket for this. Probably fairly high priority since being able to DOS nimbus with ssh is kind of a big hole.
> 
> Cassandra had this issue and they were able to fix it: https://issues.apache.org/jira/browse/CASSANDRA-475
> 
> I’ll take a look at what they did and see if there is something we could do along those lines.
> 
> - Taylor
> 
> 
> On Dec 12, 2013, at 3:41 PM, P. Taylor Goetz <pt...@gmail.com> wrote:
> 
>> What is the security scan doing?
>> 
>> Here is the thread I think you were referring to: https://groups.google.com/forum/#!searchin/storm-user/ssh/storm-user/TDdVOgYT9To/u3VBDVeMck4J
>> 
>> Is there a way to configure the scan to stay away from the nimbus host and thrift port?
>> 
>> - Taylor
>> 
>> 
>> On Dec 12, 2013, at 3:16 PM, Kiran <nk...@gmail.com> wrote:
>> 
>>> Hi,
>>> 
>>>     I see that storm nimbus goes out memory during internal security scan. This renders any process monitors on our end ineffective. I had seen a earlier discussion which mentioned it was due to malformed request being sent on the thrift port.
>>> 
>>> Is there fix available for this, or is there a way to quit the JVM . I am using storm version : 0.8.3
>>> 
>>> For now i am planning to use -XX:OnOutOfMemoryError="kill -9 %p”. Has anyone already tried this out ?
>>> 
>>> Please advice.
>>> 
>>> Thanks.
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups "storm-user" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to storm-user+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups "storm-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to storm-user+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

Re: [storm-user] Nimbus goes out of memory

Posted by "P. Taylor Goetz" <pt...@gmail.com>.

Kiran,

I found a fix for this and submitted a pull request: https://github.com/apache/incubator-storm/pull/3

It should be fixed in the 0.9.1 release.

- Taylor

On Dec 12, 2013, at 4:53 PM, Kiran <nk...@gmail.com> wrote:

> 
> Great! Thanks Taylor. Actually, I was referring to this thread
> 
> We cant provide much information about the process. But it basically involves sending some random packets to check for vulnerabilities. It would be a tough process to get the security group add exceptions..
> 
> Thanks,
> Kiran
> 
> On Thursday, December 12, 2013 12:52:32 PM UTC-8, P. Taylor Goetz wrote:
> (adding dev@)
> 
> We should probably add a JIRA ticket for this. Probably fairly high priority since being able to DOS nimbus with ssh is kind of a big hole.
> 
> Cassandra had this issue and they were able to fix it: https://issues.apache.org/jira/browse/CASSANDRA-475
> 
> I’ll take a look at what they did and see if there is something we could do along those lines.
> 
> - Taylor
> 
> 
> On Dec 12, 2013, at 3:41 PM, P. Taylor Goetz <pt...@gmail.com> wrote:
> 
>> What is the security scan doing?
>> 
>> Here is the thread I think you were referring to: https://groups.google.com/forum/#!searchin/storm-user/ssh/storm-user/TDdVOgYT9To/u3VBDVeMck4J
>> 
>> Is there a way to configure the scan to stay away from the nimbus host and thrift port?
>> 
>> - Taylor
>> 
>> 
>> On Dec 12, 2013, at 3:16 PM, Kiran <nk...@gmail.com> wrote:
>> 
>>> Hi,
>>> 
>>>     I see that storm nimbus goes out memory during internal security scan. This renders any process monitors on our end ineffective. I had seen a earlier discussion which mentioned it was due to malformed request being sent on the thrift port.
>>> 
>>> Is there fix available for this, or is there a way to quit the JVM . I am using storm version : 0.8.3
>>> 
>>> For now i am planning to use -XX:OnOutOfMemoryError="kill -9 %p”. Has anyone already tried this out ?
>>> 
>>> Please advice.
>>> 
>>> Thanks.
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups "storm-user" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to storm-user+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups "storm-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to storm-user+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

Re: [storm-user] Nimbus goes out of memory

Posted by Kiran <nk...@gmail.com>.

Great! Thanks Taylor. Actually, I was referring to this thread<https://groups.google.com/forum/#!searchin/storm-user/nimbus$20out$20of$20memory/storm-user/66PFsYLLTvI/foIeofCH6CcJ>

We cant provide much information about the process. But it basically 
involves sending some random packets to check for vulnerabilities. It would 
be a tough process to get the security group add exceptions..

Thanks,
Kiran

On Thursday, December 12, 2013 12:52:32 PM UTC-8, P. Taylor Goetz wrote:
>
> (adding dev@)
>
> We should probably add a JIRA ticket for this. Probably fairly high 
> priority since being able to DOS nimbus with ssh is kind of a big hole.
>
> Cassandra had this issue and they were able to fix it: 
> https://issues.apache.org/jira/browse/CASSANDRA-475
>
> I’ll take a look at what they did and see if there is something we could 
> do along those lines.
>
> - Taylor
>
>
> On Dec 12, 2013, at 3:41 PM, P. Taylor Goetz <ptg...@gmail.com<javascript:>> 
> wrote:
>
> What is the security scan doing?
>
> Here is the thread I think you were referring to: 
> https://groups.google.com/forum/#!searchin/storm-user/ssh/storm-user/TDdVOgYT9To/u3VBDVeMck4J
>
> Is there a way to configure the scan to stay away from the nimbus host and 
> thrift port?
>
> - Taylor
>
>
> On Dec 12, 2013, at 3:16 PM, Kiran <nkir...@gmail.com <javascript:>> 
> wrote:
>
> Hi,
>
>     I see that storm nimbus goes out memory during internal security scan. 
> This renders any process monitors on our end ineffective. I had seen a 
> earlier discussion which mentioned it was due to malformed request being 
> sent on the thrift port.
>
> Is there fix available for this, or is there a way to quit the JVM . I am 
> using storm version : 0.8.3
>
> For now i am planning to use -XX:OnOutOfMemoryError="kill -9 %p”. Has 
> anyone already tried this out ?
>
> Please advice.
>
> Thanks.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "storm-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to storm-user+...@googlegroups.com <javascript:>.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
>