[
https://issues.jboss.org/browse/MODCLUSTER-417?page=com.atlassian.jira.pl...
]
Juan Manuel CABRERA commented on MODCLUSTER-417:
------------------------------------------------
Hello everyone.
I'm the originator of that feature request, so I'll try to explain a little more
why I think this is a good idea.
Imagine an attacker that wants to create a DoS attack on a particular cluster.
It's simpler for him to crash each node one at a time; this would require substantially
less power than trying to crash the whole cluster as a whole and would be much more
efficient.
Each time you successfully kill a node, the load on each remaining node is mechanically
increased and, very likely, the last few nodes will crash on their own under the full
"normal" load.
An example: if killing a whole cluster of 100 nodes requires an overload of say X:
- killing the first node requires 1% of X obviously
- second node requires 0.96% of X so you can start killing 3 a bit.
- ..
- Node 12 is killed twice as fast as node 1 with the same power
- Node 16 is killed 4x faster than node 1
- Node 19 and 20 die almost instantly
- After node 20 has crashed, the remaining nodes are > 100%, so there is little to
do to kill these if they are not dead already.
As it goes with any attack possibility, there are certainly ways to prevent that with
other means, but I think that the obfuscation/ciphering of the jvmRoute would be a good
protection.
Kind regards,
Juan Manuel
Obfuscating jvmRoute as to hide topology
----------------------------------------
Key: MODCLUSTER-417
URL: https://issues.jboss.org/browse/MODCLUSTER-417
Project: mod_cluster
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: Native (httpd modules)
Affects Versions: 1.3.0.Final, 1.2.9.Final
Reporter: Radoslav Husar
Assignee: Jean-Frederic Clere
Priority: Minor
Feature request from https://github.com/jmcabrera
Hello guys.
First of all, this is a feature request and not a bug.
I would like to "obfuscate" the jvmRoute so that an external attacker cannot
"guess" the topology of my internal infrastructure.
The "strong" way would be to have a symmetrical cipher with a configurable
key.
mod_cluster could then cipher the jsessionid before exposing it to the external world,
and decipher it to recover the jvmRoute and properly redirect the request.
But I guess that this would have very undesirable consequences on performance.
The "weak" way would be to just obfuscate, i.e. let's say that the jsessionid
is alea + '.' + jvmRoute. We could take a part of the alea to alter the jvmRoute
in a reversible way (XORing for instance).
Anyhow, the expected effect would be that the jvmRoute would be externally different for
each and every request.
Unfortunately, I have close to no C skills, hence I cannot make this myself.
(as a side note, coming from mod_jk, I'm quite impressed by the features mod_cluster
offers! Thanks for the good work :) )
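
The "weak" variant described in the request, sketched in C as an added example (not mod_cluster code, and not from the reporter). The hex encoding of the XORed route and the function names `obfuscate_id` and `recover_route` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed external format (not mod_cluster's): alea '.' hex(jvmRoute XOR alea). */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Build the external session id. Returns 0 on success, -1 on bad input. */
int obfuscate_id(const char *alea, const char *route, char *out, size_t cap) {
    size_t al = strlen(alea), rl = strlen(route);
    if (al == 0 || rl == 0 || strchr(alea, '.') || al + 1 + 2 * rl + 1 > cap)
        return -1;
    memcpy(out, alea, al);
    out[al] = '.';
    for (size_t i = 0; i < rl; i++) {
        unsigned x = (unsigned char)route[i] ^ (unsigned char)alea[i % al];
        snprintf(out + al + 1 + 2 * i, 3, "%02x", x); /* hex keeps it cookie-safe */
    }
    return 0;
}

/* Recover the jvmRoute from an external id. Returns -1 if the id is malformed. */
int recover_route(const char *id, char *route, size_t cap) {
    const char *dot = strrchr(id, '.');
    if (!dot || dot == id) return -1;
    size_t al = (size_t)(dot - id), hl = strlen(dot + 1);
    if (hl == 0 || hl % 2 || hl / 2 + 1 > cap) return -1;
    for (size_t i = 0; i < hl / 2; i++) {
        int hi = hexval(dot[1 + 2 * i]), lo = hexval(dot[2 + 2 * i]);
        if (hi < 0 || lo < 0) return -1;
        route[i] = (char)(((hi << 4) | lo) ^ (unsigned char)id[i % al]);
    }
    route[hl / 2] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample values: two sessions pinned to the same node. */
    const char *aleas[] = {"A1B2C3", "9fK0zQ"};
    char id[64], route[32];
    for (int i = 0; i < 2; i++) {
        if (obfuscate_id(aleas[i], "node1", id, sizeof id) == 0 &&
            recover_route(id, route, sizeof route) == 0)
            printf("%s -> %s\n", id, route);
    }
    return 0;
}
```

Because the alea travels in the same value as the altered route, this hides the route only from someone who does not know the scheme, which is what separates it from the "strong" keyed-cipher variant in the request.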