Re: maximum data over link
- From: Bowie Owens <bowie owens csiro au>
- To: Bart Vanherck <herckb pandora be>
- Cc: orbit-list <orbit-list gnome org>
- Subject: Re: maximum data over link
- Date: Tue, 28 Sep 2004 08:36:44 +1000
Bart Vanherck wrote:
On Mon, 2004-09-27 at 03:31, Bowie Owens wrote:
As I understand it, the purpose of GIOP_INITIAL_MSG_SIZE_LIMIT is to
prevent a DOS attack from consuming memory on a server via large invalid
messages. The first time a server receives a valid message it is
supposed to record that the client is legit and ignore the size of the
messages from then on. So you can send a short "hello" message to the
server and then after that send messages of any size. A while ago ORBit
was always applying the size limit. I don't know if it still does this
as I ended up working around the problem using the command line argument:
--ORBInitialMsgLimit=4000000000
I did some tests with this and I saw that after first sending an hello
message, and afterwards retrieving a huge buffer does not work. The
command line argument does work.
However I have a little question. This GIOP_INITIAL_MSG_SIZE_LIMIT is
for me at the "client" side that is preventing to receive a large
buffer. And so I did set the argument for the client only. How does this
prevent a possible DOS ?
The client still has to listen for messages coming in on its
connections. The point I didn't mention is that the size check is done
only on the header. The message body is not stored in memory if the size
check fails. If ORBit were to read in the entire message before
establishing its validity, a rogue program could send your client a very
large message to consume resources on your machine. By sending lots of
large messages the rogue program should be able to force the machine to
thrash uselessly. By rejecting large messages before reading them this
kind of attack is prevented.
I did not have to set this argument at the
server side.
Sending is a bit different from receiving a message. The sending program
can trust itself. However, the receiving program has to be doubtful
about the nature of anything it receives.
--
Bowie Owens
CSIRO Mathematical & Information Sciences
phone : +61 3 9545 8055
fax : +61 3 9545 8080
mobile : 0425 729 875
email : Bowie Owens csiro au
[
Date Prev][Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]