You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@zookeeper.apache.org by zhanggang <zh...@huawei.com> on 2017/11/21 14:47:11 UTC

Hi Zookeeper expert, we encountered a slow attack problem, described as follows, please help to analyze and confirm, thank you very much

Hi Zookeeper expert, we encountered a slow attack problem, described as follows, please help to analyze and confirm, thank you very much.

Problem:
In the client using some method (such as telnet) to establish a tcp connection with server-side zookeeper listening port , but after the establishment of tcp connection, the client does not send any data. However, apache will not disconnect this tcp connection, may lead to the number of connections exhausted , Resulting in DOS

The attack process：
1. The client executes the telnet service port
[cid:image002.png@01D36319.ECA0A6C0][cid:image001.png@01D36318.D3DBD200]
Start the client telnet server port 8885,8888,8889, do not exit for a long time:
Excuting an order:
telnet 3.101.3.119 8885
telnet 3.101.3.119 8888
telnet 3.101.3.119 8889