[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using
From: |
Nehal J Wani |
Subject: |
[Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? |
Date: |
Mon, 27 Feb 2017 14:03:28 -0000 |
Public bug reported:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
** Affects: qemu
Importance: Undecided
Status: New
** Summary changed:
- DDoS possible on QEMU using userspace SLIRP?
+ DDoS possible on - a QEMU process using userspace SLIRP?
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
- $ qemu-system-x86_64 -machine accel=kvm \
- -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
- -m 2G \
- -smp 2 \
- -vnc :8 \
- -boot dc \
- -vga std \
- -cpu host \
- -net nic,vlan=0 \
- -net
user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
+ $ qemu-system-x86_64 \
+ -machine accel=kvm \
+ -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
+ -m 2G \
+ -smp 2 \
+ -vnc :8 \
+ -boot dc \
+ -vga std \
+ -cpu host \
+ -net nic,vlan=0 \
+ -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program:
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
- public static void main(String[] args) throws Exception {
- int i = 0;
- while (i < 1024) {
- URL this_is_404 = new URL("http://localhost:8082/blah");
- URLConnection yc = this_is_404.openConnection();
- try {
- BufferedReader in = new BufferedReader(new InputStreamReader(
- yc.getInputStream()));
- String inputLine;
- while ((inputLine = in.readLine()) != null)
- System.out.println(inputLine);
- in.close();
- } catch (Exception e) {
- //HttpURLConnection urlConnection = (HttpURLConnection) yc;
- //urlConnection.disconnect();
- }
- i++;
- }
- Thread.sleep(1000000000);
- }
+ public static void main(String[] args) throws Exception {
+ int i = 0;
+ while (i < 1024) {
+ URL this_is_404 = new URL("http://localhost:8082/blah");
+ URLConnection yc = this_is_404.openConnection();
+ try {
+ BufferedReader in = new BufferedReader(new InputStreamReader(
+ yc.getInputStream()));
+ String inputLine;
+ while ((inputLine = in.readLine()) != null)
+ System.out.println(inputLine);
+ in.close();
+ } catch (Exception e) {
+ //HttpURLConnection urlConnection = (HttpURLConnection) yc;
+ //urlConnection.disconnect();
+ }
+ i++;
+ }
+ Thread.sleep(1000000000);
+ }
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works on this.
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
$ qemu-system-x86_64 \
- -machine accel=kvm \
+ -machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- - Compile and run the following Java program:
+ - Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works on this.
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
- The VM becomes unresponsive. Neither SSH or VNC works on this.
+ The VM becomes unresponsive. Neither SSH or VNC works after this.
** Description changed:
Steps to reproduce:
- - Launch a VM using QEMU:
+ - Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DDoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
- [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP?,
Nehal J Wani <=
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Nehal J Wani, 2017/02/27
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Nehal J Wani, 2017/02/27
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Daniel Berrange, 2017/02/27
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Nehal J Wani, 2017/02/27
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Daniel Berrange, 2017/02/27
- [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?, Greg Kurz, 2017/02/27