activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Good (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-498) Secure the server from simple DoS attacks
Date Mon, 04 Jun 2012 23:47:23 GMT

    [ https://issues.apache.org/jira/browse/AMQ-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13288999#comment-13288999
] 

Matthew Good commented on AMQ-498:
----------------------------------

Fyi, this change broke us.  In the future you should try to make changes that are backwards
compatible.  If they are not, they should be explicitly mentioned in the release notes.  In
this case, how many people really need it?  It could have been that if the maxFrameSize is
not explicitly set, then frame size checking would be disabled - as before.  

I will say, it is a great feature for those who have publicly exposed brokers.  Thanks!
                
> Secure the server from simple DoS attacks
> -----------------------------------------
>
>                 Key: AMQ-498
>                 URL: https://issues.apache.org/jira/browse/AMQ-498
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>         Environment: An untrusted network.  DoS attack attempts are common.
>            Reporter: Hiram Chirino
>            Assignee: Hiram Chirino
>             Fix For: 5.6.0
>
>
> Originating from http://forums.logicblaze.com/posts/list/205.page
> Simply start the 4.0 server (I used the stock config) 
> in another window telnet to localhost 61616 
> you will receieve: 
> ActiveMQ^[[?1;2c 
> type asdfasdf 
> The connection will close by itself. 
> All future TCP connections, either from telnet or from real JMS clients, will hang. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message