You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Aleksandr Polovtcev (Jira)" <ji...@apache.org> on 2022/10/05 15:14:00 UTC

[jira] [Commented] (IGNITE-16741) DoS attacks on ignite ports

    [ https://issues.apache.org/jira/browse/IGNITE-16741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613037#comment-17613037 ] 

Aleksandr Polovtcev commented on IGNITE-16741:
----------------------------------------------

Sorry for the delay, but I've discussed this with other developers and we decided that this problem should not be solved by Ignite itself, but rather by external tools. If you are experiencing troubles with the Direct Buffer space being exhausted, you can try setting a smaller socket buffer sizes in {{ClientConnectorConfiguration}}

> DoS attacks on ignite ports
> ---------------------------
>
>                 Key: IGNITE-16741
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16741
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.11.1
>            Reporter: biandeqiang
>            Assignee: Aleksandr Polovtcev
>            Priority: Critical
>              Labels: ise
>
> DoS attacks on ignite's TcpCommunicationSpi and TcpDiscoverySpi's ports
> The ignite I use is embedded,ignite uses two ports, When I was testing a dos attack on the port, ignite had java.lang.OutOfMemoryError: Direct buffer memory.
> TcpDiscoverySpi spi = new TcpDiscoverySpi();
> spi.setLocalPort("port")
> TcpCommunicationSpi ipCom = new TcpCommunicationSpi();
> ipCom.setLocalPort("port")
>  
> {{[2021-12-01 14:12:59,056][WARN ][0][0][grid-nio-worker-tcp-comm-4-#43%TcpCommunicationSpi%][ROOT][IgniteLoggerImp][88] Caught unhandled exception in NIO worker thread (restart the node). java.lang.OutOfMemoryError: Direct buffer memory
> at java.nio.Bits.reserveMemory(Bits.java:695)
> at java.nio.DirectByteBuffer.<init>(DirectByteBuffer.java:123)
> at java.nio.ByteBuffer.allocateDirect(ByteBuffer.java:311)
> at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.register(GridNioServer.java:2672)
> at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2089)
> at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1910)
> at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
> at java.lang.Thread.run(Thread.java:748)}}
>  
> I hope Ignite can also add MaxConnect as Tomcat and set a counter. If the counter exceeds the value, wait for several seconds.{{{}{}}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)