[
https://issues.apache.org/jira/browse/HDFS-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12829189#action_12829189
]
Todd Lipcon commented on HDFS-945:
----------------------------------
What's the scope of this? It seems there are a number of DoS scenarios to worry
about:
- RPC flooding (as you noted above)
- Malformed packets (it's probably not too hard to find a spot where you can
make the NN allocate way too much memory and crash some important thread)
- Open socket limit exhaustion - what if a client just opened thousands of
connections to the NN's RPC ports without actually sending commands? At some
point you'll hit the ulimit -n
- lots of others
I imagine some of these are high priority and others less so. Focusing on
non-malicious clients first is probably easiest. Although bugs can make
non-malicious clients act like malicious ones for sure, I think your point is
good that we should focus on well-meaning but stupid applications first :)
> Make NameNode resilient to DoS attacks (malicious or otherwise)
> ---------------------------------------------------------------
>
> Key: HDFS-945
> URL: https://issues.apache.org/jira/browse/HDFS-945
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: name-node
> Reporter: Arun C Murthy
>
> We've seen defective applications cause havoc on the NameNode, for e.g. by
> doing 100k+ 'listStatus' on very large directories (60k files) etc.
> I'd like to start a discussion around how we prevent such, and possibly
> malicious applications in the future, taking down the NameNode.
> Thoughts?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
