tomcat-users mailing list archives

From "pero" <p...@antaramusic.de>
Subject RE: Hackers shutting down your Tomcat 4.x server?
Date Fri, 09 Nov 2001 19:03:13 GMT
As far as I know the SHUTDOWN command can only be sent from localhost -> so
the hacker has to break into your system first. And if that happens you'll
experience other problems :-)
But I don't know if it is possible to do a "fake-localhost" connect as I am
not that familiar with the hacking stuff...

pero


> -----Original Message-----
> From: John Freeborg [mailto:jfreeborg@softswitch.com]
> Sent: Friday, November 09, 2001 7:49 PM
> To: Tomcat Users List
> Subject: Hackers shutting down your Tomcat 4.x server?
>
>
> As I was reading through the server.xml config documentation I noticed
> that the shutdown attribute of the server element is described as:
>
>       The command string that must be received via a
>       TCP/IP connection to the specified port number
>       in order to shut down Tomcat.
>
>       <Server port="8005" shutdown="SHUTDOWN" debug="99">
>
> Am I correct in assuming that this would be a great thing to change if
> you have a server out in the wild? (and perhaps the port also)
>
> Other than a firewall blocking traffic to this port, what would prevent
> some random hacker from connecting to port 8005 and shutting down my
> server?
>
> Thanks,
>  - John
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>
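
An added example (not part of either message and not Tomcat's own code) that checks both points raised in the thread on your own host: whether server.xml still carries the port and command string quoted above, and which local address the shutdown port actually listens on. It assumes Linux `ss -ltn` output; the function names and all sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values shown in the server.xml line quoted in the thread.
PAGE_PORT, PAGE_COMMAND = "8005", "SHUTDOWN"
# Prefixes ss prints for loopback addresses (IPv4, IPv6, IPv4-mapped IPv6).
LOOPBACK = ("127.", "[::1]", "[::ffff:127.")

def audit_server_xml(xml_text):
    """Return (port, findings) for the <Server> element of a server.xml."""
    root = ET.fromstring(xml_text)
    if root.tag != "Server":
        raise ValueError("root element is not <Server>")
    port, command = root.get("port", ""), root.get("shutdown", "")
    findings = []
    if port == PAGE_PORT:
        findings.append("shutdown port is the documented example value")
    if command == PAGE_COMMAND:
        findings.append("shutdown command is the documented example value")
    return port, findings

def exposed_listeners(ss_output, port):
    """Local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        addr, _, lport = fields[3].rpartition(":")
        if lport == port and not addr.startswith(LOOPBACK):
            exposed.append(addr)
    return exposed

# Constructed sample inputs (not taken from a real host).
SAMPLE_XML = '<Server port="8005" shutdown="SHUTDOWN" debug="99"></Server>'
CHANGED_XML = '<Server port="8015" shutdown="constructed-long-random-string" debug="0"></Server>'
SS_LOOPBACK = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1      [::ffff:127.0.0.1]:8005 *:*
LISTEN 0      100    *:8080 *:*"""
SS_WILDCARD = "LISTEN 0 1 0.0.0.0:8005 0.0.0.0:*"

if __name__ == "__main__":
    port, findings = audit_server_xml(SAMPLE_XML)
    print(port, findings)
    print("non-loopback listeners:", exposed_listeners(SS_LOOPBACK, port))
    print("non-loopback listeners:", exposed_listeners(SS_WILDCARD, port))
```

An empty result from `exposed_listeners` means the port is reachable only through loopback on that host; any address it returns is one a firewall rule would have to cover.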

