0

I've written a java server application for a software solution I'm fiddling with.

The server uses multithreading to handle sockets and postgresql as a database. I'm worried about potential evil-doers, as right now, someone would easily be able to mess with my server by connecting repeatedly very fast.

Basically I'm looking for a way to only accept connections from computers, who haven't connected within the past second or w/e. I figured I could register all connecting and set a timer, but I also figured that the server could still be overloaded having to check many connections at the same time, albeit not as much as it would be without a timer.

I've searched stackoverflow and serverfault with no result to this specific problem :/.

The set up is really simple. All connections are accepted in the main method and forwarded to the corresponding thread:

    import java.io.IOException;
    import java.net.ServerSocket;
    import java.net.Socket;

    // gui, mainFrame, listenThread and methods are the asker's own classes (not shown here)
    public static void main(String[] args) {
        gui = new mainFrame();
        try {
            ServerSocket serverSock = new ServerSocket(80);
            while (true) {
                // blocks until a client connects; one new thread per accepted socket
                Socket sock = serverSock.accept();
                new Thread(new listenThread(sock)).start();
            }
        } catch (IOException ex) {
            methods.log("Couldn't create server");
            ex.printStackTrace();
        }
    }

Would appreciate any help. Mike.

Mike Haye
  • 113
  • 3
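An added example (not the asker's code) of the "only accept a peer that hasn't connected within the last N seconds" idea from the question, done inside the accept loop itself: each source address keeps the timestamps of its recent connections, old timestamps expire as they fall out of a sliding window, and a peer over the limit gets its socket closed before any thread is started for it. The constants, the port (8080 rather than 80 so it runs unprivileged), the `192.0.2.10` check address and the `handle` stub are all assumptions. The trade-off to be aware of: the JVM still pays the `accept()` and socket cost for every refused connection, so this keeps worker threads and the database quiet but does not replace a kernel-level limit; and clients behind one NAT share an address, so a low limit can lock out legitimate users together.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/** Accept loop that refuses an address once it exceeds MAX_PER_WINDOW connections per window. */
public class RateLimitedAcceptLoop {
    static final int MAX_PER_WINDOW = 3;        // assumed: connections per address per window
    static final long WINDOW_MILLIS = 60_000L;  // assumed: sliding window length
    static final int SWEEP_EVERY = 1_000;       // expire idle addresses every N accepts

    // address -> timestamps (ms) of accepted connections still inside the window, oldest first.
    // Only the accept thread touches this map, so no locking is needed.
    private final Map<InetAddress, Deque<Long>> recent = new HashMap<>();

    /** Drop timestamps that have fallen out of the window. */
    private static void expire(Deque<Long> hits, long now) {
        while (!hits.isEmpty() && now - hits.peekFirst() >= WINDOW_MILLIS) {
            hits.pollFirst();
        }
    }

    /** True if a connection from addr at time now may be accepted; records it if so. */
    boolean allow(InetAddress addr, long now) {
        Deque<Long> hits = recent.computeIfAbsent(addr, a -> new ArrayDeque<>());
        expire(hits, now);
        if (hits.size() >= MAX_PER_WINDOW) {
            return false;                       // over the limit: caller closes the socket
        }
        hits.addLast(now);
        return true;
    }

    /** Remove addresses with no hits left in the window so the map cannot grow without bound. */
    int sweep(long now) {
        int removed = 0;
        Iterator<Map.Entry<InetAddress, Deque<Long>>> it = recent.entrySet().iterator();
        while (it.hasNext()) {
            Deque<Long> hits = it.next().getValue();
            expire(hits, now);
            if (hits.isEmpty()) {
                it.remove();
                removed++;
            }
        }
        return removed;
    }

    /** Policy check with a constructed address and a fake clock; true when the limiter behaves. */
    static boolean selfCheck() throws IOException {
        RateLimitedAcceptLoop limiter = new RateLimitedAcceptLoop();
        InetAddress peer = InetAddress.getByName("192.0.2.10");  // constructed (documentation range)
        long t0 = 1_000L;
        boolean ok = limiter.allow(peer, t0) && limiter.allow(peer, t0 + 1) && limiter.allow(peer, t0 + 2);
        ok &= !limiter.allow(peer, t0 + 3);                       // 4th inside the window is refused
        ok &= limiter.allow(peer, t0 + WINDOW_MILLIS);            // oldest hit expired, allowed again
        ok &= limiter.sweep(t0 + 2 * WINDOW_MILLIS) == 1;         // address dropped once fully idle
        return ok;
    }

    public static void main(String[] args) throws IOException {
        if (!selfCheck()) {
            throw new IllegalStateException("limiter self-check failed");
        }
        RateLimitedAcceptLoop limiter = new RateLimitedAcceptLoop();
        long accepted = 0;
        try (ServerSocket serverSock = new ServerSocket(8080)) {  // assumed port
            while (true) {
                Socket sock = serverSock.accept();
                long now = System.currentTimeMillis();
                if (!limiter.allow(sock.getInetAddress(), now)) {
                    sock.close();                                 // no thread for a rate-limited peer
                    continue;
                }
                if (++accepted % SWEEP_EVERY == 0) {
                    limiter.sweep(now);
                }
                new Thread(() -> handle(sock)).start();
            }
        }
    }

    /** Stand-in for the asker's listenThread: set a read timeout, reply, close. */
    static void handle(Socket sock) {
        try (Socket s = sock) {
            s.setSoTimeout(5_000);      // a silent client cannot hold the thread forever
            s.getOutputStream().write("ok\n".getBytes());
        } catch (IOException ignored) {
            // client went away; try-with-resources closes the socket
        }
    }
}
```

The per-address check is a handful of deque operations, so it is far cheaper than the thread start it replaces; the periodic `sweep` is what keeps the tracking table from becoming the memory problem the asker worried about.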

3 Answers

2

OSSEC has something called "Active Response" that looks at server logs and if certain rules are broken, like for instance, a user attempts to log into SSH with a failed password more than 5 times, it will block the IP Address for a set amount of time.

You could maintain a list such as this, but as you noted it would get extensive. One strategy would be to set up an expiry time for the different items on the list, so the list you check against for blocked users doesn't get that extensive.

That's highly conceptual; without more details as to your set up I couldn't help you out more.

RyPeck
  • 121
  • 4
  • I'm checking this out now, thanks :). My set up is very simple. It's basically just a main that handles socket connections and forwards them to the right thread. I've updated my question with it. – Mike Haye Jul 26 '11 at 10:15
2

You could solve this at the OS level with iptables. The below lines are taken from debian linux, YMMV. It will limit connections to 3 in a 60 second span.

iptables -I INPUT -p tcp --dport 5432 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 5432 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

This assumes you run your postgresql server on port 5432 and eth0 is the internet-facing card.

If there is any other port you wish to limit you can just replace the port number.

Source and more examples (For ssh, port 22) http://www.debian-administration.org/articles/187

artifex
  • 1,634
  • 1
  • 17
  • 22
  • Thanks for your answer. This is very useful, but still doesn't address the issue of multiple connections from the same ip. Is that something iptables can take care of too? – Mike Haye Jul 26 '11 at 11:19
  • iptables is governing the connections on the OS level, before the connections are even sent to the database. This means that you can, with the above, stop the same IP from connecting more than 3 times for each given 60 seconds, if I understand your question correctly. – artifex Jul 27 '11 at 05:22
  • So the above limits the same ip ? That is exactly what I'm looking for :) Too bad I can't test it with my windows development computer, but I think my server will run ubuntu. any similar windows implementations of this? – Mike Haye Jul 27 '11 at 10:53
  • I'm not competent enough in windows environments to answer your last question. – artifex Jul 27 '11 at 11:06
1

A simple solution would be to use a connection pool for your database server. That would be a natural bottleneck to limit the load on the database and thus on the server.

Or put your app behind a basic web server that implements worker threads and limit the number of threads (or implement the same thing in your app).

jqa
  • 451
  • 2
  • 7
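An added example (not this answer's or the asker's code) of "implement the same thing in your app": a fixed-size worker pool with a bounded hand-off queue replaces the thread-per-connection loop, and a semaphore stands in for the bounded database connection pool the answer recommends. When both workers and queue are full, the executor's rejection handler closes the new socket instead of spawning another thread, so the number of open sockets is capped at `WORKERS + QUEUE_SLOTS` and the number of concurrent database users at `DB_SLOTS`. Those constants, the 8080 port and the placeholder "ok"/"busy" replies are assumptions.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.Semaphore;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

/** Accept loop with a hard cap on worker threads and on concurrent database use. */
public class BoundedWorkerServer {
    static final int WORKERS = 32;       // assumed: max connection-handling threads
    static final int QUEUE_SLOTS = 64;   // assumed: accepted sockets waiting for a worker
    static final int DB_SLOTS = 8;       // assumed: size of the JDBC connection pool it mirrors

    // Stand-in for a real connection pool: only DB_SLOTS handlers may touch PostgreSQL at once.
    static final Semaphore dbSlots = new Semaphore(DB_SLOTS, true);

    /** One accepted connection; closed by the pool's rejection handler when the pool is saturated. */
    static final class ConnectionTask implements Runnable {
        private final Socket sock;

        ConnectionTask(Socket sock) {
            this.sock = sock;
        }

        void closeQuietly() {
            try {
                sock.close();
            } catch (IOException ignored) {
            }
        }

        @Override
        public void run() {
            try (Socket s = sock) {
                s.setSoTimeout(5_000);                        // an idle client cannot pin the worker
                // wait a bounded time for a database slot instead of piling up behind it
                if (!dbSlots.tryAcquire(2, TimeUnit.SECONDS)) {
                    s.getOutputStream().write("busy\n".getBytes());
                    return;
                }
                try {
                    s.getOutputStream().write("ok\n".getBytes());  // the real JDBC work goes here
                } finally {
                    dbSlots.release();
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            } catch (IOException ignored) {
                // client went away; try-with-resources closes the socket
            }
        }
    }

    /** Fixed-size pool with a bounded queue; overflow is closed instead of spawning threads. */
    static ThreadPoolExecutor newPool() {
        ThreadPoolExecutor pool = new ThreadPoolExecutor(
                WORKERS, WORKERS, 30, TimeUnit.SECONDS,
                new ArrayBlockingQueue<Runnable>(QUEUE_SLOTS),
                (task, executor) -> {
                    if (task instanceof ConnectionTask) {
                        ((ConnectionTask) task).closeQuietly();
                    }
                });
        pool.allowCoreThreadTimeOut(true);   // threads die off while the server is idle
        return pool;
    }

    public static void main(String[] args) throws IOException {
        ThreadPoolExecutor pool = newPool();
        try (ServerSocket serverSock = new ServerSocket(8080)) {   // assumed port
            while (true) {
                Socket sock = serverSock.accept();
                pool.execute(new ConnectionTask(sock));   // rejection handler closes it on overflow
            }
        } finally {
            pool.shutdownNow();
        }
    }
}
```

The rejection handler is the important part: with the default policy `execute` would throw `RejectedExecutionException` and leak the accepted socket, whereas closing it keeps the accept loop running and the resource ceiling fixed no matter how fast clients reconnect.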