no, it is sent by a sleepy developer =) -- actually, a client. I will dig out the packets this weekend and do a more thorough analysis of what's going on as requested by DJ..
-Federico ----- Original Message ----- From: "Thomas Muldowney" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 17, 2002 14:55 Subject: Re: [JDEV] DoS on server component > Is this sent from the component? Components are fully trusted and must > ensure they use a correct from, or else this could happen. > > --temas > > > > DJ Adams wrote: > > >On Wed, May 15, 2002 at 06:16:45PM -0400, Federico Lucifredi wrote: > > > > > >>Hello All, > >> While I was typing one of countless telnet probes on a server component > >>I am trying to develop, I casually managed to DOS my own server... in a > >>quite unexpected way. > >> > >> > > > >... > > > > > > > >> My code is modeled after DJ Adams example of an RSS news agent, and for > >>the purpose of this discussion, I'll use his: > >> > >> > > > >Uh-oh.... ;-) > > > > > > > >>Now, in my sleepyness, I did put in the query > >> > >><iq id='browse' > >> to='rss.jabber.endorfine.org' > >> from='[EMAIL PROTECTED]' > >> type='get'> > >> <query xmlns='jabber:iq:browse'/> > >></iq> > >> > >>Apparently the unnecessay from attribute confuses the toFrom() function, and > >>the result is that the message keeps being fed to the component by the > >>server - > >> > >> > > > >Hmm, this seems a little odd, especially when one considers that the JSM will > >whack on the 'correct' from attribute before it reaches the component. Do you > >have any log of the packets as the loop starts? > > > >cheers > >dj > >_______________________________________________ > >jdev mailing list > >[EMAIL PROTECTED] > >http://mailman.jabber.org/listinfo/jdev > > > > > > > > _______________________________________________ > jdev mailing list > [EMAIL PROTECTED] > http://mailman.jabber.org/listinfo/jdev > _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
