activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xabhi <xabh...@gmail.com>
Subject DOS attack on activemq setup
Date Thu, 09 Apr 2015 11:01:54 GMT
Hi,

I was thinking about ways in which I cause DOS attack on activemq and how to
prevent it.

I can bring the setup down by:
1. creating large number of connections - restrict based on connectionID?
2. large number of destinations
3. large number of subscriptions, consumers, producers, wildcard
subscriptions etc - restrict wildcard subscription, limit no of
consumer/producer?
4. Sending large number of persistent/non-persistent messages with huge
sizes - limit msgsize that can be sent?

I don't know how to implement each of them and would like to get ActiveMQ
community's thought on how to prevent these scenarios (either by hacking
into/enriching activemq code - Plugins ?). What are other ways to create a
DOS attack on activemq?

I know ActiveMQ provides basic authentication/authorization
(username/password) to restrict some of these cases like authorization
policy for destinations based on user name, groups.

What I am talking about is an unintentional DOS attack- where an legitimate
application/client goes berserk to bug in code etc. and creates large number
of connections or does a wildcard subscription and start receiving all
messages etc.

I would like to get thought on how to prevent each of the cases I pointed
before.

Thanks,
Abhi




--
View this message in context: http://activemq.2283324.n4.nabble.com/DOS-attack-on-activemq-setup-tp4694598.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message