[ https://issues.apache.org/jira/browse/DIRMINA-764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRMINA-764: -------------------------------------- Fix Version/s: (was: 2.0.6) 2.0.8 > DDOS possible in only a few seconds... > -------------------------------------- > > Key: DIRMINA-764 > URL: https://issues.apache.org/jira/browse/DIRMINA-764 > Project: MINA > Issue Type: Bug > Affects Versions: 2.0.0-RC1 > Reporter: Emmanuel Lecharny > Assignee: Emmanuel Lecharny > Priority: Blocker > Fix For: 2.0.8 > > Attachments: screenshot-1.jpg, screenshot-2.jpg > > > We can kill a server in just a few seconds using the stress test found in > DIRMINA-762. > If we inject messages with no delay, using 50 threads to do that, the > ProtocolCodecFilter$MessageWriteRequest is stuffed with hundred of thousands > messages waiting to be written back to the client, with no success. > On the client side, we receive almost no messages : > 0 messages/sec (total messages received 1) > 2 messages/sec (total messages received 11) > 8 messages/sec (total messages received 55) > 8 messages/sec (total messages received 95) > 9 messages/sec (total messages received 144) > 3 messages/sec (total messages received 162) > 1 messages/sec (total messages received 169) > ... > On the server side, the memory is totally swamped in 20 seconds, with no way > to recover : > Exception in thread "pool-1-thread-1" java.lang.OutOfMemoryError: Java heap > space > (see graph attached) > On the server, ConcurrentLinkedQueue contain the messages to be written (in > my case, 724 499 Node are present). There are also 361629 > DefaultWriteRequests, 361628 DefaultWriteFutures, 361625 SimpleBuffer, 361 > 618 ProtocolCodecFilter$MessageWriteRequest and 361 614 > ProtocolCodecFilter$EncodedWriteRequests. > That mean we don't flush them to the client at all. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira