Posted to issues@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2015/06/05 18:33:00 UTC

[jira] [Reopened] (AMQ-5829) Fake AMQP connections remain in ActiveMQ and cause denial of service

     [ https://issues.apache.org/jira/browse/AMQ-5829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish reopened AMQ-5829:
-------------------------------

> Fake AMQP connections remain in ActiveMQ and cause denial of service
> --------------------------------------------------------------------
>
>                 Key: AMQ-5829
>                 URL: https://issues.apache.org/jira/browse/AMQ-5829
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Connector
>    Affects Versions: 5.11.1
>         Environment: Linux RedHat 5.5
>            Reporter: Leo Riguspi
>            Priority: Critical
>             Fix For: 5.12.0
>
>
> Telnet connections on amqp and amqp+ssl transports remain visible in ActiveMQ (only from JMX!) even after they have been closed. Same happens for openssl connections.
> This causes the maximumConnections limit to be reached and no more connections are accepted!!!
> And it is therefore easy to perform a DoS.
> To reproduce:
> - configure ActiveMQ with the amqp or amqp+ssl transport
> - monitor the connections via JMX, with jconsole (clientConnectors->amqp->remoteAddress)
> - telnet on the transport port number
> - see the new connection in jconsole
> - close the telnet session completely
> - connection is still visible in jconsole
> If you set the maximumConnections to 3, after three telnets nobody can connect!



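
The symptom reported above (connections still listed in JMX after the client has closed them) can be checked on a broker host by comparing the JMX connection list with the kernel's socket table. This is an added example, not part of the original message or of ActiveMQ; the `tcp://host:port` rendering of remoteAddress, the AMQP port 5672, and all sample data are assumptions constructed for illustration.

```python
"""Flag AMQP connections that JMX still lists but the OS no longer has established."""

# Constructed sample: remoteAddress values read from the clientConnectors->amqp
# MBeans. The "tcp://host:port" form is an assumption about how they are rendered.
JMX_REMOTE_ADDRESSES = [
    "tcp://192.0.2.10:51234",
    "tcp://192.0.2.12:51300",
    "tcp://192.0.2.13:51411",
]

# Constructed sample in the column layout of `ss -tan` on the broker host.
SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN     0      128    *:5672                    *:*
ESTAB      0      0      [::ffff:10.0.0.5]:5672    [::ffff:192.0.2.10]:51234
CLOSE-WAIT 1      0      [::ffff:10.0.0.5]:5672    [::ffff:192.0.2.12]:51300
ESTAB      0      0      10.0.0.5:61616            192.0.2.13:51411
"""


def _normalise(endpoint):
    """Strip a URI scheme and IPv4-mapped IPv6 brackets, leaving 'host:port'."""
    endpoint = endpoint.split("://", 1)[-1]
    return endpoint.replace("[::ffff:", "").replace("]", "")


def established_peers(ss_output, broker_port):
    """Peers with an ESTAB socket whose local port is the AMQP transport port."""
    peers = set()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local, peer = fields[3], fields[4]
        if local.rsplit(":", 1)[-1] == str(broker_port):
            peers.add(_normalise(peer))
    return peers


def stale_jmx_connections(jmx_addresses, ss_output, broker_port):
    """JMX-listed connections that have no established socket behind them."""
    live = established_peers(ss_output, broker_port)
    return [a for a in jmx_addresses if _normalise(a) not in live]


def limit_exhausted_by_stale(jmx_addresses, ss_output, broker_port, maximum_connections):
    """True when the limit is reached and at least one counted connection is stale."""
    stale = stale_jmx_connections(jmx_addresses, ss_output, broker_port)
    return len(jmx_addresses) >= maximum_connections and bool(stale)
```

With the sample data, two of the three JMX entries have no established socket on port 5672, so a maximumConnections of 3 would be consumed mostly by connections that no longer exist.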