Telnet connections on amqp and amqp+ssl transports remain visible in ActiveMQ (only from JMX!) even after they have been closed. Same happens for openssl connections.
This causes the maximumConnections limit to be reached and no more connections are accepted!!!
And it is therefore easy to perform a DoS.
- configure ActiveMQ with the amqp or amqp+ssl transport
- monitor the connections via JMX, with jconsole (clientConnectors->amqp->remoteAddress)
- telnet on the transport port number
- see the new connection in Jconsole
- close the telnet session completely
- connection is still visible in jconsole
If you set the maximumConnections to 3, after three telnets nobody can connect!