JmDNS / Bugs / #130 UDP portscan causes JmDNS to log excessively

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"

Anonymous - 2012-05-24

That is logging 11020 lines (~1MB) every 300ms:

grep --line-number 'DNSIncoming.readQuestion' server.log_2012-05-23T15-57-14

3:SEVERE [2012-05-23 15:57:14,565] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns[query,<ip_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5492
11023:SEVERE [2012-05-23 15:57:14,844] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns[query,<ip_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5493

That is logging 11020 lines \(~1MB\) every 300ms: grep --line-number 'DNSIncoming.readQuestion' server.log\_2012-05-23T15-57-14 3:SEVERE \[2012-05-23 15:57:14,565\] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns\[query,<ip\_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5492 11023:SEVERE \[2012-05-23 15:57:14,844\] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns\[query,<ip\_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5493

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"

Anonymous - 2012-05-25

The bug is repeatable with this test a colleague of mine made:

package javax.jmdns.test;

import java.net.DatagramPacket;
import java.net.InetAddress;
import java.util.Enumeration;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;

import javax.jmdns.impl.DNSIncoming;
import javax.jmdns.impl.constants.DNSConstants;

import org.junit.Before;
import org.junit.Test;

public class Dos {

// This package is one the packages sent by nmap when run as: nmap -v -sU -sV -F 127.0.0.1
private static final byte[] nmap_scan_package = new byte[] {
0x30, (byte)0x82, 0x00, 0x2f, 0x02, 0x01, 0x00, 0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, (byte)0xa0, (byte)0x82, 0x00, 0x20, 0x02, 0x04, 0x4c, 0x33, (byte)0xa7, 0x56, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, (byte)0x82, 0x00, 0x10, 0x30, (byte)0x82, 0x00, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x05, 0x00, 0x05, 0x00
};

@Test
public void x() throws Exception {
// The DNSIncoming constructor should probably do bounds checking on the following parts of the
// package: questions, answers, authorities, additionals
// The package above results in these values
// questions -> 513
// answers -> 4
// authorities -> 1648
// additionals -> 30050
new DNSIncoming(new DatagramPacket(nmap_scan_package, nmap_scan_package.length, InetAddress.getByName(DNSConstants.MDNS_GROUP), DNSConstants.MDNS_PORT));
}

@Before
public void enableLogging() {
ConsoleHandler handler = new ConsoleHandler();
handler.setLevel(Level.FINEST);
for (Enumeration<String> enumerator = LogManager.getLogManager().getLoggerNames(); enumerator.hasMoreElements();) {
String loggerName = enumerator.nextElement();
Logger logger = Logger.getLogger(loggerName);
logger.addHandler(handler);
logger.setLevel(Level.FINEST);
}
}
}

The bug is repeatable with this test a colleague of mine made: package javax.jmdns.test; import java.net.DatagramPacket; import java.net.InetAddress; import java.util.Enumeration; import java.util.logging.ConsoleHandler; import java.util.logging.Level; import java.util.logging.LogManager; import java.util.logging.Logger; import javax.jmdns.impl.DNSIncoming; import javax.jmdns.impl.constants.DNSConstants; import org.junit.Before; import org.junit.Test; public class Dos \{ // This package is one the packages sent by nmap when run as: nmap -v -sU -sV -F 127.0.0.1 private static final byte\[\] nmap\_scan\_package = new byte\[\] \{ 0x30, \(byte\)0x82, 0x00, 0x2f, 0x02, 0x01, 0x00, 0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, \(byte\)0xa0, \(byte\)0x82, 0x00, 0x20, 0x02, 0x04, 0x4c, 0x33, \(byte\)0xa7, 0x56, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, \(byte\)0x82, 0x00, 0x10, 0x30, \(byte\)0x82, 0x00, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x05, 0x00, 0x05, 0x00 \}; @Test public void x\(\) throws Exception \{ // The DNSIncoming constructor should probably do bounds checking on the following parts of the // package: questions, answers, authorities, additionals // The package above results in these values // questions -> 513 // answers -> 4 // authorities -> 1648 // additionals -> 30050 new DNSIncoming\(new DatagramPacket\(nmap\_scan\_package, nmap\_scan\_package.length, InetAddress.getByName\(DNSConstants.MDNS\_GROUP\), DNSConstants.MDNS\_PORT\)\); \} @Before public void enableLogging\(\) \{ ConsoleHandler handler = new ConsoleHandler\(\); handler.setLevel\(Level.FINEST\); for \(Enumeration<String> enumerator = LogManager.getLogManager\(\).getLoggerNames\(\); enumerator.hasMoreElements\(\);\) \{ String loggerName = enumerator.nextElement\(\); Logger logger = Logger.getLogger\(loggerName\); logger.addHandler\(handler\); logger.setLevel\(Level.FINEST\); \} \} \}

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pierre Frisch - 2012-05-25

assigned_to: nobody --> spearway

status: open --> open-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pierre Frisch - 2012-05-25

Ok we should do a sanity check a question is at least 5 bytes and an answer is 11 so we should have a maximum to compare with the packet length.

Pierre

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pierre Frisch - 2012-05-25

I have comited a fix but I am on vacation with limited bandwith for testing Could you run it through its paces?

Thank you

Pierre

commit -m "UDP portscan causes JmDNS to log excessively - ID: 3529498" /Users/pierre/Projects/workspace/jmdns/CHANGELOG.txt /Users/pierre/Projects/workspace/jmdns/src/main/java/javax/jmdns/impl/DNSIncoming.java /Users/pierre/Projects/workspace/jmdns/src/test/java/javax/jmdns/test/DNSMessageTest.java
Sending /Users/pierre/Projects/workspace/jmdns/CHANGELOG.txt
Sending /Users/pierre/Projects/workspace/jmdns/src/main/java/javax/jmdns/impl/DNSIncoming.java
Sending /Users/pierre/Projects/workspace/jmdns/src/test/java/javax/jmdns/test/DNSMessageTest.java
Transmitting file data ...
Committed revision 341.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pierre Frisch - 2012-05-25

status: open-accepted --> pending-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"

Anonymous - 2012-05-28

ok thanks spearway we're trying the patch out now... will get back to you on how it goes.

ok thanks spearway we're trying the patch out now... will get back to you on how it goes.

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"
Anonymous - 2012-05-28

status: pending-fixed --> open-fixed

- **status**: pending-fixed --> open-fixed

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"

Anonymous - 2012-05-28

I've tested rev 341 and it looks good, thanks!

Last edit: Anonymous 2014-08-24

I've tested rev 341 and it looks good, thanks\!

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Pierre Frisch - 2012-06-11

status: open-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

UDP portscan causes JmDNS to log excessively

Group

Searches

Help

#130 UDP portscan causes JmDNS to log excessively

Discussion