Date: Wed, 11 Mar 1998 14:00:01 -0800
From: sunilkh@ivs-5.gvg.tek.com (Sunil Khiani)
Message-Id: <199803112200.OAA04187@ivs-5.gvg.tek.com>
To: java-security@web1.javasoft.com, Sunil.Khiani@tek.com,
Subject: Re: Denial of Service Attack?
Hi,
My applet used a timespinner component extending from
symantec.itools.awt.util.spinner.ListSpinner. The component has a thread
which the Netscape browser could not be able to kill. The resources
being used by the thread never got freed. Continous reloading of
the applet lead to denial of service.
I have prepared a small test case and forwarded it to netscape representative.
Thanks,
-Sunil.
> From Marianne.Mueller@Eng.Sun.COM Tue Mar 10 12:18:23 1998
> Date: Tue, 10 Mar 1998 12:05:47 -0800 (PST)
> From: Marianne Mueller <Marianne.Mueller@Eng.Sun.COM>
> Subject: Re: Denial of Service Attack?
> To: java-security@web1.javasoft.com, Sunil.Khiani@tek.com
> Mime-Version: 1.0
> Content-Md5: ySfGqx6jN7TW2YoAmcSGNA==
>
> Hi,
>
> I don't think this is a denial of service attack so much as
> a performance/tuning problem. Have you experienced the same
> behavior with the appletviewer? That would at least let you
> know if the problem is related to the JDK classes or if it's related
> to the JVMs embedded in the browsers.
>
> Marianne
>
> > Date: Tue, 10 Mar 1998 09:14:11 -0800
> > From: Sunil Khiani <Sunil.Khiani@tek.com>
> > Mime-Version: 1.0
> > To: java-security@web1.javasoft.com
> > Subject: Denial of Service Attack?
> > Content-Transfer-Encoding: 7bit
> >
> > Hi,
> >
> > We are developing applets using Symantec Cafe2.0. Each Applet has lot
> > of widgets i.e. GUI components. Individually the applets work fine. But
> >
> > when a user navigates among the applets, the Window 95 Resources(system,
> >
> > user, gdi) go down slowly but surely; The Netscape communicator (version
> >
> > 4.4 with JDK1.1 patch) becomes very slow to the point of being
> > unusable.
> >
> > I have tried putting
> > (1) System.gc() calls, System.finalization() calls in destroy method of
> > the applets
> > (2)I also have put the call
> > "netscape.applet.Control.setAppletPruningThreshold(0)" so every loaded
> > applet, destroys up the previous applet.
> > But the resource leaks do not get plugged.
> >
> > If anyone knows a way to avoid this denial of service attack, please
> > let me know.
> >
> > Thanks,
> > -Sunil.
> > Sunil.Khiani@tek.com
> > /*************************************/
> > /* Sunil K. Khiani */
> > /* Tektronix,Inc */
> > /* P.Box - 1114 */
> > /* Grass Valley, CA 95945 */
> > /* Tel. No.# 530-478-4098 (O) */
> > /* Fax. No.# 530-478-3820 */
> > /* Email:Sunil.Khiani@tek.com */
> > /* There is more than one way to do it */
> > /* -Larry Wall */
> > /**************************************/
> >
>
>