[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-417) Obfuscating jvmRoute as to hide topology
Radoslav Husar (JIRA)
issues at jboss.org
Wed Jun 18 08:43:25 EDT 2014
[ https://issues.jboss.org/browse/MODCLUSTER-417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977354#comment-12977354 ]
Radoslav Husar edited comment on MODCLUSTER-417 at 6/18/14 8:42 AM:
--------------------------------------------------------------------
Hm, I am afraid it is not going to help with WildFly 8 and above anyway. If you proceed as an attacker such as:
# create a request, remember the session id (somehow including the obfuscated route)
# let the http session expire
# spawn DOS attack with the same session id but since LB has no idea that it has already expired, it will be *always* routed to the same node
# the node is going to create a new session and use the key affinity service so that the session is local to that node
# you can use all the newly created sessions knowing they are all routed to the same node anyway
# to DOS multiple different nodes at once, you can do the same and observe response rate degradation
So the suggested approach is probably not going to help at all.
> Obfuscating jvmRoute as to hide topology
> ----------------------------------------
>
> Key: MODCLUSTER-417
> URL: https://issues.jboss.org/browse/MODCLUSTER-417
> Project: mod_cluster
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Native (httpd modules)
> Affects Versions: 1.3.0.Final, 1.2.9.Final
> Reporter: Radoslav Husar
> Assignee: Jean-Frederic Clere
> Priority: Minor
>
> Feature request from https://github.com/jmcabrera
> Hello guys.
> First of all, this is a feature request and not a bug.
> I would like to "obfuscate" the jvmRoute so that an external attacker cannot "guess" the topology of my internal infrastructure.
> The "strong" way would be to have a symmetrical cipher with a configurable key.
> mod_cluster could then cipher the jsessionid before exposing it to the external world, and decipher it to recover the jvmRoute and properly redirect the request.
> But I guess that this would have very undesirable consequences on performance.
> The "weak" way would be to just obfuscate, i.e. let's say that the jsessionid is alea + '.' + jvmRoute. We could take a part of the alea to alter the jvmroute in a reversible way (XORing for instance).
> Anyhow, the expected effect would be that the jvmroute would be externally different for each and every request.
> Unfortunately, I have close to no C skills, hence I cannot make this myself.
> (as a side note, coming from mod_jk, I'm quite impressed by the features mod_cluster offers! Thanks for the good work :) )
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
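As an added illustration (not mod_cluster or WildFly code, and not the reporter's), here is the "weak" scheme from the quoted request and the routing decision the comment above argues about, in Python: the route is XORed with a prefix of the alea so the visible suffix changes with every session id, and the balancer reverses it. The cookie layout alea + "." + route, the hex alea, the fixed route width ROUTE_LEN and all function names are assumptions.

```python
import secrets

# Added example (not mod_cluster code): the "weak" per-request obfuscation of
# jvmRoute proposed in the issue. Assumed cookie layout: alea + "." + jvmRoute,
# alea being a hex random session id. The route is XORed with the first
# ROUTE_LEN bytes of the alea; ROUTE_LEN is an assumed fixed route width.
ROUTE_LEN = 8


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, key))


def _key_from_alea(alea: str) -> bytes:
    key = bytes.fromhex(alea)[:ROUTE_LEN]
    if len(key) < ROUTE_LEN:
        raise ValueError("alea too short to mask the route")
    return key


def obfuscate(alea: str, jvm_route: str) -> str:
    """Outbound: build alea.<masked route as hex> for the Set-Cookie header."""
    route = jvm_route.encode()
    if len(route) > ROUTE_LEN or b"\0" in route:
        raise ValueError("jvmRoute must fit ROUTE_LEN bytes without NULs")
    masked = _xor(route.ljust(ROUTE_LEN, b"\0"), _key_from_alea(alea))
    return f"{alea}.{masked.hex()}"


def deobfuscate(cookie: str) -> str:
    """Inbound: what the balancer does to pick the node. Everything it needs
    (alea and masked route) is inside the cookie, so no secret is involved;
    the route is hidden only from a casual glance at the cookie value."""
    alea, masked_hex = cookie.split(".", 1)
    masked = bytes.fromhex(masked_hex)
    return _xor(masked, _key_from_alea(alea)).rstrip(b"\0").decode()


def new_cookie(jvm_route: str) -> str:
    """Issue a fresh session id for a node, as the node would on a new session."""
    return obfuscate(secrets.token_hex(16), jvm_route)


def visible_suffixes(jvm_route: str, count: int) -> set:
    """The intended effect: distinct external suffixes for one and the same
    node across many sessions, each still mapping back to jvm_route."""
    suffixes = set()
    for _ in range(count):
        cookie = new_cookie(jvm_route)
        assert deobfuscate(cookie) == jvm_route
        suffixes.add(cookie.split(".", 1)[1])
    return suffixes
```

Whether the session behind a presented cookie is still alive never enters deobfuscate, which is the point of the comment above: the balancer pins the cookie to the decoded node regardless, so the scheme changes how the cookie looks but not where it is routed.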