Are you thinking about something like the producer flow control [1]?
Hadrian [1] http://activemq.apache.org/producer-flow-control.html On 04/09/2015 07:01 AM, xabhi wrote:
Hi, I was thinking about ways in which I cause DOS attack on activemq and how to prevent it. I can bring the setup down by: 1. creating large number of connections - restrict based on connectionID? 2. large number of destinations 3. large number of subscriptions, consumers, producers, wildcard subscriptions etc - restrict wildcard subscription, limit no of consumer/producer? 4. Sending large number of persistent/non-persistent messages with huge sizes - limit msgsize that can be sent? I don't know how to implement each of them and would like to get ActiveMQ community's thought on how to prevent these scenarios (either by hacking into/enriching activemq code - Plugins ?). What are other ways to create a DOS attack on activemq? I know ActiveMQ provides basic authentication/authorization (username/password) to restrict some of these cases like authorization policy for destinations based on user name, groups. What I am talking about is an unintentional DOS attack- where an legitimate application/client goes berserk to bug in code etc. and creates large number of connections or does a wildcard subscription and start receiving all messages etc. I would like to get thought on how to prevent each of the cases I pointed before. Thanks, Abhi -- View this message in context: http://activemq.2283324.n4.nabble.com/DOS-attack-on-activemq-setup-tp4694598.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
