[rabbitmq-discuss] Management plugin trashing a server?

Simon MacMullen simon at rabbitmq.com
Thu Mar 17 18:12:28 GMT 2011


On 17/03/11 14:31, Ivan Sanchez wrote:
>    Thanks for the answer. Our log had a bunch of:
>
> =ERROR REPORT==== 16-Mar-2011::10:09:53 ===
> exception on TCP connection<0.364.0>  from ******************:64318
> {channel0_error,starting,
>                  {amqp_error,access_refused,
>                              "AMQPLAIN login refused: user 'flash' -
> invalid credentials",
>                              'connection.start_ok'}}
>
>     The user 'flash' is a valid login, and the only place it's used is
> from our own app, where the password is properly set.
>
>     In the logs I can see 4000+ of these in a 5 minutes periods shortly
> after the server was started. They all came from external TCP
> connections (none from our servers). After removing the plugins we
> didn't get any of those errors anymore.

Hmm. I'm very inclined to think that must be a coincidence.

That log message is not one that can be produced by the management 
plugin - that's a remote host trying and failing to connect over AMQP.

Interestingly it's using the (slightly) oddball AMQPLAIN authentication 
mechanism, which implies it's either the RabbitMQ Erlang client from 
2.2.0 or earlier (or something that uses that, like rabbitmq-shovel), or 
one of the old Qpid clients. Does that sound like anything that could be 
on your network?

I would certainly be inclined to find out who owns the hosts in question 
and go and have a word.

Of course, the fact that this was able to make the server hang is not 
great. There are some anti-DOS provisions in recent versions of 
RabbitMQ, but they don't really help when a ton of hosts are all trying 
to connect at once.

Cheers, Simon

-- 
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware
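
The following is an added example, not part of the original message and not RabbitMQ code: it parses error reports in the format quoted above and reports which source hosts exceed a threshold of refused AMQP logins within a sliding time window. The sample log, its addresses (documentation ranges), the 5-minute window and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the format quoted above (documentation-range IPs).
_REC = ("=ERROR REPORT==== 16-Mar-2011::{t} ===\n"
        "exception on TCP connection <0.364.0> from {h}:64318\n"
        "{{channel0_error,starting,\n"
        "    {{amqp_error,access_refused,\n"
        "        \"AMQPLAIN login refused: user 'flash' - invalid credentials\",\n"
        "        'connection.start_ok'}}}}\n\n")
SAMPLE_LOG = ("=INFO REPORT==== 16-Mar-2011::10:09:50 ===\n"
              "starting TCP connection <0.364.0> from 198.51.100.7:64318\n\n"
              + "".join(_REC.format(t=t, h=h) for t, h in [
                  ("10:09:53", "198.51.100.7"), ("10:10:20", "198.51.100.7"),
                  ("10:11:00", "203.0.113.9"), ("10:12:01", "198.51.100.7"),
                  ("10:40:00", "198.51.100.7")]))

HEADER = re.compile(r"^=(\w+) REPORT==== (\S+) ===$", re.M)
PEER = re.compile(r"exception on TCP connection\s*<[\d.]+>\s+from\s+(\S+):\d+")
REFUSED = re.compile(r"access_refused,\s*\"(\w+) login refused: user '([^']*)'")

def refused_logins(log_text):
    """Yield (timestamp, host, mechanism, user) for each refused-login report."""
    parts = HEADER.split(log_text)  # [preamble, level, ts, body, level, ts, body, ...]
    for level, ts, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        peer, refused = PEER.search(body), REFUSED.search(body)
        if level == "ERROR" and peer and refused:
            when = datetime.strptime(ts, "%d-%b-%Y::%H:%M:%S")
            yield when, peer.group(1), refused.group(1), refused.group(2)

def flag_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Map each host to its peak failure count in any window, if >= threshold."""
    by_host = defaultdict(list)
    for when, host, _mech, _user in events:
        by_host[host].append(when)
    flagged = {}
    for host, times in by_host.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    for host, peak in flag_bursts(refused_logins(SAMPLE_LOG)).items():
        print(f"{host}: {peak} refused logins within 5 minutes")
```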
