[wildfly-dev] DOS causes logs with huge size

Jason Greene jason.greene at redhat.com
Tue Jul 21 15:44:46 EDT 2015 

In the CLI do:

/subsystem=logging/logger=javax.jmdns:add
/subsystem=logging/logger=javax.jmdns:write-attribute(name=level,value=OFF)

Or you can edit the XML and add:

 <logger category="javax.jmdns">
                <level name="OFF"/>
 </logger>

> On Jul 21, 2015, at 2:10 PM, Eduardo Sant'Ana da Silva <eduardo.santanadasilva at gmail.com> wrote:
> 
> No, how can I do this?
> 
> On Jul 21, 2015, at 4:09 PM, Jason Greene <jason.greene at redhat.com <mailto:jason.greene at redhat.com>> wrote:
> 
>> Did you try filtering out all of those log categories?
>> 
>>> On Jul 21, 2015, at 2:04 PM, Eduardo Sant'Ana da Silva <eduardo.santanadasilva at gmail.com <mailto:eduardo.santanadasilva at gmail.com>> wrote:
>>> 
>>> Anyone already saw this?
>>> 
>>> I had, what I presume was a DOS attack in a virtual machine on the cloud, that consumes all space left.
>>> 
>>> I saw single files log with more than 2.5G of information on my standalone log directory:
>>> 
>>> 2015-07-20 06:53:46,024 SEVERE [javax.jmdns.impl.constants.DNSRecordType] (SocketListener(45-55-77-19.local.)) Could not find reco
>>> rd type for index: -1
>>> 2015-07-20 06:53:46,042 SEVERE [javax.jmdns.impl.DNSIncoming] (SocketListener(45-55-77-19.local.)) Could not find record type: dns
>>> [query,192.99.0.161:52050, length=184, id=0x5c78, flags=0x3030]
>>>    0: 5c7830305c783030 5c7830305c783030 5c7830305c783031 5c7830305c783030     \x00\x00 \x00\x00 \x00\x01 \x00\x00
>>>   20: 5c7830305c783030 5c7830305c783030 5c7830395c783546 5c7837335c783635     \x00\x00 \x00\x00 \x09\x5F \x73\x65
>>>   40: 5c7837325c783736 5c7836395c783633 5c7836355c783733 5c7830375c783546     \x72\x76 \x69\x63 \x65\x73 \x07\x5F
>>>   60: 5c7836345c783645 5c7837335c783244 5c7837335c783634 5c7830345c783546     \x64\x6E \x73\x2D \x73\x64 \x04\x5F
>>>   80: 5c7837355c783634 5c7837305c783035 5c7836435c783646 5c7836335c783631     \x75\x64 \x70\x05 \x6C\x6F \x63\x61
>>>   a0: 5c7836435c783030 5c7830305c783043 5c7830305c783031                      \x6C\x00 \x00\x0C \x00\x01
>>> 
>>> 2015-07-20 06:53:46,076 WARNING [javax.jmdns.impl.constants.DNSRecordClass] (SocketListener(45-55-77-19.local.)) Could not find re
>>> cord class for index: -1
>>> 2015-07-20 06:53:46,260 SEVERE [javax.jmdns.impl.DNSIncoming$MessageInputStream] (SocketListener(45-55-77-19.local.)) bad domain n
>>> ame: possible circular name detected. Bad offset: 0xffffffff at 0xb6
>>> 2015-07-20 06:53:46,270 SEVERE [javax.jmdns.impl.constants.DNSRecordType] (SocketListener(45-55-77-19.local.)) Could not find reco
>>> rd type for index: -1
>>> 2015-07-20 06:53:46,296 SEVERE [javax.jmdns.impl.DNSIncoming] (SocketListener(45-55-77-19.local.)) Could not find record type: dns
>>> [query,192.99.0.161:52050, length=184, id=0x5c78, flags=0x3030, questions=1
>>> questions:
>>> 	[DNSQuestion at 2024648779 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: 0\x00\x01\x00\x00\x00\x00\x00\x00\x
>>> 09\x5F\x73\x6.\x72\x76\x69\x63\x65\x73\x07\x5F\x64\x6E\x73\x2D\x73\.4\x04\x5F\x75\x64\x70\x05\x6C\x6F\x63\x61\x6C\x00\x00\.C\x00\x
>>> 01ϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿ.]]
>>> 	question:      [DNSQuestion at 2024648779 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: 0\x00\x01\x00\x00\x0
>>> 0\x00\x00\x00\x09\x5F\x73\x6.\x72\x76\x69\x63\x65\x73\x07\x5F\x64\x6E\x73\x2D\x73\.4\x04\x5F\x75\x64\x70\x05\x6C\x6F\x63\x61\x6C\x
>>> 00\x00\.C\x00\x01ϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿϿ.]
>>>    0: 5c7830305c783030 5c7830305c783030 5c7830305c783031 5c7830305c783030     \x00\x00 \x00\x00 \x00\x01 \x00\x00
>>>   20: 5c7830305c783030 5c7830305c783030 5c7830395c783546 5c7837335c783635     \x00\x00 \x00\x00 \x09\x5F \x73\x65
>>>   40: 5c7837325c783736 5c7836395c783633 5c7836355c783733 5c7830375c783546     \x72\x76 \x69\x63 \x65\x73 \x07\x5F
>>>   60: 5c7836345c783645 5c7837335c783244 5c7837335c783634 5c7830345c783546     \x64\x6E \x73\x2D \x73\x64 \x04\x5F
>>>   80: 5c7837355c783634 5c7837305c783035 5c7836435c783646 5c7836335c783631     \x75\x64 \x70\x05 \x6C\x6F \x63\x61
>>>   a0: 5c7836435c783030 5c7830305c783043 5c7830305c783031                      \x6C\x00 \x00\x0C \x00\x01
>>> 
>>> 
>>> 
>>> Maybe this could give a hint:
>>> 
>>> http://sourceforge.net/p/jmdns/bugs/130/ <http://sourceforge.net/p/jmdns/bugs/130/>
>>> 
>>> Is this an issue that wildfly should care about?
>>> 
>>> Regards
>>> Eduardo Sant'Ana da Silva
>>> _______________________________________________
>>> wildfly-dev mailing list
>>> wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/wildfly-dev <https://lists.jboss.org/mailman/listinfo/wildfly-dev>
>> --
>> Jason T. Greene
>> WildFly Lead / JBoss EAP Platform Architect
>> JBoss, a division of Red Hat
>> 
> 

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20150721/0b647b84/attachment-0001.html

More information about the wildfly-dev mailing list