Posted to users@tomcat.apache.org by John Smith <cm...@acedsl.com> on 2005/03/17 11:43:53 UTC

Re: DOS kind of Attack to your RAM?

...

> It's not even vaguely a Java/TC question.

...

> Who did? What evidence is there that you were attacked? In what sense
> is it a DOS attack? What does it have to do with Jakarta?



Well, actually (and I am not trying to go into a rhetorical diatribe), as I
said, I am using HSQL in memory tables for session handling and temporary
data storage and Java/TC as servlet engine. How is it so far fetched to
Java/Jakarta/TC people?



 Again, the techniques to attack/corrupt the RAM on a server are not exactly
a Java/TC issue, but aren't HSQLDB (a pure Java DBMS) in memory(/RAM only)
tables and TC definitely a very Java/TC environment in which these types of
attacks could happen?



 I wouldn't believe so, but could TC's gc be somehow reclaiming the RAM that
HSQL is using?



 I hacked the TC source and created the session DB/table at TC
start-up/bootstrapping code and the in memory temp tables in the
httpservlet.init method.



 The thing is that apparently it happens in a temperamental (and
intelligent?) way.

If things get rotten in memory then the OS/TC should shut down, but it is
happening as if someone is somehow able to run queries on the in memory
database tables and just delete certain users data.



I use HSQL in memory tables because I am working on a diskless
multi-instance Apache + TCs environment. If this (attacking your RAM-based
OS/app) is the only option you leave open to hackers to get to you, -they-
will use it.



 Now, does sealing all webapp classes and/or using an encrypted FS and
RAMDISK help?



> You haven't really said what 'they' have done.



I only commit a transaction to the backend server when the HTTPSession has
either eventually come to a natural end/been committed by the user or the user
has left off the session leaving an incomplete session (which is
automatically reclaimed by the engine (you would use the hooks from the
ServletSessionListener interface)). I have functionally stress tested it
and it works wonderfully.



Then I see on the logs that some users were online doing their stuff
without trouble when the data they had in RAM suddenly evaporates without
leaving traces.



Also, last time I checked, in English you always need a subject:
'they' -means-, namely, 'they', and
google/http://www.mail-archive.com/tomcat-*@jakarta.apache.org/ searches
tell me you are not exactly a 'no-previous-history' person.



 Also, sorry if I bothered you guys at tomcat-dev



 Please, help.




----- Original Message -----
From: "Andy Armstrong" <an...@hexten.net>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Thursday, March 17, 2005 3:13 AM
Subject: Re: DOS kind of Attack to your RAM?


> On 17 Mar 2005, at 04:31, John Smith wrote:
> > I know this is not exactly a Java/TC question, but that could happen
> > to any
> > machine in a DMZ.
>
> It's not even vaguely a Java/TC question.
>
> > Today as I showcased some app to my clients there was an incident of
> > clients
> > entering data that is not saved.
> >
> > It apparently happens in some cases, all data kept in sessions I keep
> > in a
> > memory HSQL table only when a user is done I save the data on the back
> > end
> > tables
> >
> > But apparently they corrupted the in memory data somehow
>
> Who did? What evidence is there that you were attacked? In what sense
> is it a DOS attack? What does it have to do with Jakarta?
>
> > How do these m*th$r f&ck!rs do that (any links?) and how can you avoid
> > it?
>
> You haven't really said what 'they' have done.
>
> --
> Andy Armstrong, hexten.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
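The commit-on-session-end design described in the reply above (data kept in HSQLDB in-memory tables, written to the backend only from the session listener hooks) is the place where "data evaporating without leaving traces" is easiest to investigate, because the container itself decides when a session ends. The listener below is an added example, not code from this thread or from Tomcat or HSQLDB: it moves a session's rows to the backend when the session is destroyed, and logs whether the container expired the session for inactivity or the webapp called invalidate(), so that a vanished-data report can be matched against a timestamped session event instead of being assumed to be an attack. The table names, column names, JDBC URLs and credentials are assumptions made for the example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example, not code from the thread. Moves a finished session's rows
 * from an in-memory HSQLDB table to the backend database when the container
 * ends the session, and logs why the session ended. Table names, column
 * names, JDBC URLs and credentials are assumptions for the example.
 */
public class SessionCommitListener implements HttpSessionListener {

    // Assumed: in-process HSQLDB memory database holding SESSION_DATA
    // (SESSION_ID VARCHAR, DATA_KEY VARCHAR, DATA_VALUE VARCHAR).
    private static final String MEM_URL = "jdbc:hsqldb:mem:sessions";
    // Assumed: backend database holding USER_DATA with the same three columns.
    private static final String BACKEND_URL =
        System.getProperty("backend.jdbc.url", "jdbc:hsqldb:file:backend");

    public void sessionCreated(HttpSessionEvent ev) {
        log("created", ev.getSession(), "-");
    }

    public void sessionDestroyed(HttpSessionEvent ev) {
        HttpSession s = ev.getSession();
        String reason = endReason(s);
        try {
            int moved = commitToBackend(s.getId());
            log("destroyed, committed " + moved + " rows", s, reason);
        } catch (SQLException e) {
            // Leave the in-memory rows in place so nothing is lost silently.
            log("destroyed, commit FAILED: " + e.getMessage(), s, reason);
        }
    }

    /**
     * Classifies the end of a session. The container notifies this listener
     * before the session is invalidated, so the accessors are still usable.
     * Idle for at least maxInactiveInterval means the container's background
     * thread expired it; anything else is an explicit invalidate() call
     * (user logout or the webapp's own reclaim of an abandoned session).
     */
    static String endReason(HttpSession s) {
        int limitSeconds = s.getMaxInactiveInterval();
        long idleMillis = System.currentTimeMillis() - s.getLastAccessedTime();
        if (limitSeconds > 0 && idleMillis >= limitSeconds * 1000L) {
            return "timeout after " + (idleMillis / 1000) + "s idle";
        }
        return "explicit invalidate()";
    }

    /** Copies the session's rows to the backend in one transaction, then deletes them. */
    static int commitToBackend(String sessionId) throws SQLException {
        Connection mem = DriverManager.getConnection(MEM_URL, "sa", "");
        Connection back = DriverManager.getConnection(BACKEND_URL, "sa", "");
        try {
            back.setAutoCommit(false);
            PreparedStatement read = mem.prepareStatement(
                "SELECT DATA_KEY, DATA_VALUE FROM SESSION_DATA WHERE SESSION_ID = ?");
            read.setString(1, sessionId);
            PreparedStatement write = back.prepareStatement(
                "INSERT INTO USER_DATA (SESSION_ID, DATA_KEY, DATA_VALUE) VALUES (?, ?, ?)");
            ResultSet rs = read.executeQuery();
            int n = 0;
            while (rs.next()) {
                write.setString(1, sessionId);
                write.setString(2, rs.getString(1));
                write.setString(3, rs.getString(2));
                write.executeUpdate();
                n++;
            }
            back.commit(); // the backend holds the data before the in-memory copy goes away
            PreparedStatement del = mem.prepareStatement(
                "DELETE FROM SESSION_DATA WHERE SESSION_ID = ?");
            del.setString(1, sessionId);
            del.executeUpdate();
            return n;
        } catch (SQLException e) {
            back.rollback();
            throw e;
        } finally {
            back.close();
            mem.close();
        }
    }

    private static void log(String what, HttpSession s, String reason) {
        // Goes to the container's stdout log; correlate these lines with the
        // times at which users reported their in-progress data as gone.
        System.out.println("[session " + s.getId() + "] " + what
            + " (max inactive " + s.getMaxInactiveInterval() + "s, reason: " + reason + ")");
    }
}
```

The listener is registered in the webapp's web.xml with a `<listener><listener-class>SessionCommitListener</listener-class></listener>` element. The point of the reason field is that a user who is "online doing their stuff" from the application's point of view but has not sent a request for longer than the session timeout (Tomcat's default is 30 minutes) is expired by the container exactly like an abandoned session, and a reclaim-on-destroy design then removes that user's in-memory rows with no other trace; a log line showing "timeout after 1800s idle" at the moment the data disappeared rules that in or out before any attacker is suspected.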

