activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hadrian Zbarcea <hzbar...@gmail.com>
Subject Re: DOS attack on activemq setup
Date Thu, 09 Apr 2015 11:33:20 GMT
Are you thinking about something like the producer flow control [1]?

Hadrian

[1] http://activemq.apache.org/producer-flow-control.html

On 04/09/2015 07:01 AM, xabhi wrote:
> Hi,
>
> I was thinking about ways in which I cause DOS attack on activemq and how to
> prevent it.
>
> I can bring the setup down by:
> 1. creating large number of connections - restrict based on connectionID?
> 2. large number of destinations
> 3. large number of subscriptions, consumers, producers, wildcard
> subscriptions etc - restrict wildcard subscription, limit no of
> consumer/producer?
> 4. Sending large number of persistent/non-persistent messages with huge
> sizes - limit msgsize that can be sent?
>
> I don't know how to implement each of them and would like to get ActiveMQ
> community's thought on how to prevent these scenarios (either by hacking
> into/enriching activemq code - Plugins ?). What are other ways to create a
> DOS attack on activemq?
>
> I know ActiveMQ provides basic authentication/authorization
> (username/password) to restrict some of these cases like authorization
> policy for destinations based on user name, groups.
>
> What I am talking about is an unintentional DOS attack- where an legitimate
> application/client goes berserk to bug in code etc. and creates large number
> of connections or does a wildcard subscription and start receiving all
> messages etc.
>
> I would like to get thought on how to prevent each of the cases I pointed
> before.
>
> Thanks,
> Abhi
>
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/DOS-attack-on-activemq-setup-tp4694598.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

Mime
View raw message