[JDEV] Possible Denial of Service in mio_ssl.c
Martin Lesser
jabber-adm at better-com.de
Fri Jun 7 02:27:59 CDT 2002
The last days we had some trouble with a script-kiddie:
Looks like this kid wrote a script which permanently (at least every
second) tried to connect to port 5223 of our Jabber-Server (1.4.2)
without having a real ssl-client at his side.
This caused a huge number of log-entries (after enabling debugging):
mio_ssl.c:238 SSL accepting socket with new session 82aeb48
mio_ssl.c:256 Error from SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
mio_ssl.c:257 SSL Error in SSL_accept call
After some time this caused our main jabberd to hang - only a restart of
jabberd after inserting a DROP-Rule for the kiddies IP into our
iptables-ruleset brought jabberd back into stable working.
At the moment I've no idea how to prevent jabberd of looping endless/too
soon through mio_ssl in such a case, perhaps the heartbeat-monitor could
help us here but I don't know how.
Please correct me if you think that there's a possible misconfiguration
at our side so I can post the relevant parts of our conf-files.
BTW, is there a simple way to see which current user comes from which IP?
netstat at this point is only partially helpful.
TIA,
Martin
--
Express-Kommunikation mit Jabber:
JabberID: martin at jabber.bettercom.de
More information about the JDev
mailing list