[JDEV] DoS on server component
Thomas Muldowney
temas at box5.net
Fri May 17 13:55:02 CDT 2002
Is this sent from the component? Components are fully trusted and must
ensure they use a correct from, or else this could happen.
--temas
DJ Adams wrote:
>On Wed, May 15, 2002 at 06:16:45PM -0400, Federico Lucifredi wrote:
>
>>Hello All,
>> While I was typing one of countless telnet probes on a server component
>>I am trying to develop, I casually managed to DOS my own server... in a
>>quite unexpected way.
>>
>...
>
>> My code is modeled after DJ Adams' example of an RSS news agent, and for
>>the purpose of this discussion, I'll use his:
>>
>
>Uh-oh.... ;-)
>
>
>>Now, in my sleepiness, I did put in the query
>>
>><iq id='browse'
>> to='rss.jabber.endorfine.org'
>> from='bob@jabber.endorfine.org'
>> type='get'>
>> <query xmlns='jabber:iq:browse'/>
>></iq>
>>
>>Apparently the unnecessary from attribute confuses the toFrom() function, and
>>the result is that the message keeps being fed to the component by the
>>server -
>>
>
>Hmm, this seems a little odd, especially when one considers that the JSM will
>whack on the 'correct' from attribute before it reaches the component. Do you
>have any log of the packets as the loop starts?
>
>cheers
>dj