Hi zhanggang, thank you for the report. Unfortunately the attachment did not come through (probably stripped by the ML daemon).
IIUC this does sound like a problem that would be good to address. We have code in place to limit the number of concurrent sessions that a particular IP can hold open at any one time - specifically to address the type of issue you describe. However I believe it only addresses session count, not tcp connections. This would be a good one to fix - please create a jira and if possible submit a patch. Thanks!

Patrick

On Tue, Nov 21, 2017 at 7:09 AM, zhanggang <[email protected]> wrote:

> Hi Zookeeper expert, we encountered a slow attack problem, described as follows, please help to analyze and confirm, thank you very much.
>
> *Problem:*
>
> In the client using some method (such as telnet) to establish a tcp connection with server-side zookeeper listening port, but after the establishment of tcp connection, the client does not send any data. However, apache will not disconnect this tcp connection, may lead to the number of connections exhausted, resulting in DOS
>
> *The attack process:*
>
> 1. The client executes the telnet service port
>
> Start the client telnet server port 21816,53236,50548, do not exit for a long time:
>
> Executing an order:
>
> telnet 3.101.3.119 21816
>
> telnet 3.101.3.118 53236
>
> telnet 3.101.3.124 50548
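The gap discussed in this thread (a per-IP limit that counts sessions but not raw TCP connections, and sockets that stay open without ever sending data) can be modelled as a small bookkeeping policy. This is an added example, not ZooKeeper code and not part of either message; the class name, method names and limit values are hypothetical.

```python
# Added example, not ZooKeeper code. All names and limits are hypothetical.


class ConnectionGuard:
    """Tracks raw TCP connections from accept time, before any session exists."""

    def __init__(self, max_per_ip=3, first_byte_timeout=10.0):
        self.max_per_ip = max_per_ip                  # cap on open sockets per source IP
        self.first_byte_timeout = first_byte_timeout  # seconds allowed before first data
        self._conns = {}    # conn_id -> [ip, accepted_at, got_data]
        self._per_ip = {}   # ip -> number of open connections

    def on_accept(self, conn_id, ip, now):
        """Return True to keep the new socket, False to close it immediately."""
        if self._per_ip.get(ip, 0) >= self.max_per_ip:
            return False
        self._conns[conn_id] = [ip, now, False]
        self._per_ip[ip] = self._per_ip.get(ip, 0) + 1
        return True

    def on_data(self, conn_id):
        """Mark a connection as having sent its first bytes."""
        if conn_id in self._conns:
            self._conns[conn_id][2] = True

    def on_close(self, conn_id):
        """Release the per-IP slot when a socket closes for any reason."""
        entry = self._conns.pop(conn_id, None)
        if entry is not None:
            ip = entry[0]
            self._per_ip[ip] -= 1
            if self._per_ip[ip] == 0:
                del self._per_ip[ip]

    def reap(self, now):
        """Return ids of silent connections past the deadline and release them."""
        stale = [cid for cid, (ip, t0, got) in self._conns.items()
                 if not got and now - t0 >= self.first_byte_timeout]
        for cid in stale:
            self.on_close(cid)
        return stale

    def open_count(self, ip):
        """Number of currently tracked connections for a source IP."""
        return self._per_ip.get(ip, 0)
```

A server loop would call `on_accept` for every accepted socket, `on_data` on the first read, and `reap` on a timer, closing whatever ids it returns.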
