Closing off remote connections when the server "believes" it is under attack is dangerous. This opens up new routes for Denial of Service attacks. <br><br><div class="gmail_quote">On Tue, Sep 6, 2011 at 11:54 AM, Darran Lofthouse <span dir="ltr"><<a href="mailto:darran.lofthouse@jboss.com">darran.lofthouse@jboss.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On 09/06/2011 02:50 PM, Sanne Grinovero wrote:<br>
>>><br>
>>> Depending on your needs it might not suite you: LIRS provides a<br>
>>> bounded container, so it might drop some values even if the timeout<br>
>>> was not reached.<br>
>><br>
>> Thanks Sanne, that is probably not going to meet what I need - one thing I<br>
>> am looking at is better tracking of failed authentication attempts so I<br>
>> wouldn't want someone to be able to force an item out by causing additional<br>
>> entries to be added.<br>
>><br>
><br>
> I really don't know about your plans, but having a limit in the amount<br>
> of entries the cache will be able to hold is generally a good idea.<br>
<br>
</div>Yes in that case I would probably look at an option to just stop<br>
accepting remote connection attempts if it appears the server is really<br>
under attack - I will start a separate discussion on how people believe<br>
that should behave.<br>
<div><div></div><div class="h5"><br>
> A malicious user could otherwise find a pattern to fill the memory of<br>
> the AS by sending the appropriate (failing) authentication attempts,<br>
> maybe from multiple users.<br>
><br>
> Sanne<br>
_______________________________________________<br>
jboss-as7-dev mailing list<br>
<a href="mailto:jboss-as7-dev@lists.jboss.org">jboss-as7-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/jboss-as7-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/jboss-as7-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Lincoln Baxter, III<br><a href="http://ocpsoft.com">http://ocpsoft.com</a><br><a href="http://scrumshark.com">http://scrumshark.com</a><br>"Keep it Simple"<br>