Re: maximum data over link

From: Bowie Owens <bowie owens csiro au>
To: Bart Vanherck <herckb pandora be>
Cc: orbit-list <orbit-list gnome org>
Subject: Re: maximum data over link
Date: Tue, 28 Sep 2004 08:36:44 +1000

Bart Vanherck wrote:

On Mon, 2004-09-27 at 03:31, Bowie Owens wrote:
As I understand it, the purpose of GIOP_INITIAL_MSG_SIZE_LIMIT is to prevent a DOS attack from consuming memory on a server via large invalid messages. The first time a server receives a valid message it is supposed to record that the client is legit and ignore the size of the messages from then on. So you can send a short "hello" message to the server and then after that send messages of any size. A while ago ORBit was always applying the size limit. I don't know if it still does this as I ended up working around the problem using the command line argument:

--ORBInitialMsgLimit=4000000000

I did some tests with this and I saw that after first sending an hello message, and afterwards retrieving a huge buffer does not work. The command line argument does work. However I have a little question. This GIOP_INITIAL_MSG_SIZE_LIMIT is for me at the "client" side that is preventing to receive a large buffer. And so I did set the argument for the client only. How does this prevent a possible DOS ?

The client still has to listen for messages coming in on its connections. The point I didn't mention is that the size check is done only on the header. The message body is not stored in memory if the size check fails. If ORBit were to read in the entire message before establishing its validity, a rogue program could send your client a very large message to consume resources on your machine. By sending lots of large messages the rogue program should be able to force the machine to thrash uselessly. By rejecting large messages before reading them this kind of attack is prevented.

I did not have to set this argument at the
server side.

Sending is a bit different from receiving a message. The sending program can trust itself. However, the receiving program has to be doubtful about the nature of anything it receives.


--
Bowie Owens

CSIRO Mathematical & Information Sciences
phone  : +61 3 9545 8055
fax    : +61 3 9545 8080
mobile : 0425 729 875
email  : Bowie Owens csiro au

References:
- maximum data over link
  - From: Bart Vanherck
- Re: maximum data over link
  - From: Bowie Owens
- Re: maximum data over link
  - From: Bart Vanherck

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]