[JDEV] DoS on server component

DJ Adams dj.adams at pobox.com
Thu May 16 05:32:05 CDT 2002


On Wed, May 15, 2002 at 06:16:45PM -0400, Federico Lucifredi wrote:
> Hello All,
>     While I was typing one of countless telnet probes on a server component
> I am trying to develop, I casually managed to DOS my own server... in a
> quite unexpected way.

...

>     My code is modeled after DJ Adams' example of an RSS news agent, and for
> the purpose of this discussion, I'll use his:

Uh-oh.... ;-)

> Now, in my sleepiness, I did put in the query
> 
> <iq id='browse'
>     to='rss.jabber.endorfine.org'
>     from='bob@jabber.endorfine.org'
>     type='get'>
>   <query xmlns='jabber:iq:browse'/>
> </iq>
> 
> Apparently the unnecessary from attribute confuses the toFrom() function, and
> the result is that the message keeps being fed to the component by the
> server -

Hmm, this seems a little odd, especially when one considers that the JSM will
whack on the 'correct' from attribute before it reaches the component. Do you
have any log of the packets as the loop starts?

cheers
dj


