Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-5829

Fake AMQP connections remain in ActiveMQ and cause denial of service

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 5.11.1
    • Fix Version/s: 5.12.0
    • Component/s: Connector
    • Labels:
      None
    • Environment:

      Linux RedHat 5.5

    • Flags:
      Important

      Description

      Telnet connections on amqp and amqp+ssl transports remain visible in ActiveMQ (only from JMX!) even after they have been closed. Same happens for openssl connections.

      This causes the maximumConnections limit to be reached and no more connections are accepted!!!

      And it is therefore easy to perform a DoS.

      To reproduce:

      • configure ActiveMQ with the amqp or amqp+ssl transport
      • monitor the connections via JMX, with jconsole (clientConnectors->amqp->remoteAddress)
      • telnet on the transport port number
      • see the new connection in Jconsole
      • close the telnet session completely
      • connection is still visible in jconsole

      If you set the maximumConnections to 3, after three telnets nobody can connect!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                leorigu Leo Riguspi
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: