You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2015/06/05 18:33:00 UTC
[jira] [Reopened] (AMQ-5829) Fake AMQP connections remain in
ActiveMQ and cause denial of service
[ https://issues.apache.org/jira/browse/AMQ-5829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish reopened AMQ-5829:
-------------------------------
> Fake AMQP connections remain in ActiveMQ and cause denial of service
> --------------------------------------------------------------------
>
> Key: AMQ-5829
> URL: https://issues.apache.org/jira/browse/AMQ-5829
> Project: ActiveMQ
> Issue Type: Bug
> Components: Connector
> Affects Versions: 5.11.1
> Environment: Linux RedHat 5.5
> Reporter: Leo Riguspi
> Priority: Critical
> Fix For: 5.12.0
>
>
> Telnet connections on amqp and amqp+ssl transports remain visible in ActiveMQ (only from JMX!) even after they have been closed. Same happens for openssl connections.
> This causes the maximumConnections limit to be reached and no more connections are accepted!!!
> And it is therefore easy to perform a DoS.
> To reproduce:
> - configure ActiveMQ with the amqp or amqp+ssl transport
> - monitor the connections via JMX, with jconsole (clientConnectors->amqp->remoteAddress)
> - telnet on the transport port number
> - see the new connection in Jconsole
> - close the telnet session completely
> - connection is still visible in jconsole
> If you set the maximumConnections to 3, after three telnets nobody can connect!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)