You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2014/09/10 23:15:34 UTC

[jira] [Resolved] (DIRMINA-764) DDOS possible in only a few seconds...

     [ https://issues.apache.org/jira/browse/DIRMINA-764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRMINA-764.
---------------------------------------
    Resolution: Won't Fix

A carefully drafted server will not get hit by such a pb. 

> DDOS possible in only a few seconds...
> --------------------------------------
>
>                 Key: DIRMINA-764
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-764
>             Project: MINA
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Emmanuel Lecharny
>            Assignee: Emmanuel Lecharny
>            Priority: Blocker
>             Fix For: 2.0.8
>
>         Attachments: screenshot-1.jpg, screenshot-2.jpg
>
>
> We can kill a server in just a few seconds using the stress test found in DIRMINA-762.
> If we inject messages with no delay, using 50 threads to do that, the ProtocolCodecFilter$MessageWriteRequest is stuffed with hundred of thousands messages waiting to be written back to the client, with no success.
> On the client side, we receive almost no messages :
> 0 messages/sec (total messages received 1)
> 2 messages/sec (total messages received 11)
> 8 messages/sec (total messages received 55)
> 8 messages/sec (total messages received 95)
> 9 messages/sec (total messages received 144)
> 3 messages/sec (total messages received 162)
> 1 messages/sec (total messages received 169)
> ...
> On the server side, the memory is totally swamped in 20 seconds, with no way to recover :
> Exception in thread "pool-1-thread-1" java.lang.OutOfMemoryError: Java heap space
> (see graph attached)
> On the server, ConcurrentLinkedQueue contain the messages to be written (in my case, 724 499 Node are present). There are also 361629 DefaultWriteRequests, 361628 DefaultWriteFutures, 361625 SimpleBuffer, 361 618 ProtocolCodecFilter$MessageWriteRequest and 361 614 ProtocolCodecFilter$EncodedWriteRequests.
> That mean we don't flush them to the client at all. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)