[rabbitmq-discuss] OOM kill

Dmitry Andrianov dmitry.andrianov at alertme.com
Sat Mar 8 16:16:47 GMT 2014


MySQL or any other SQL is almost never exposed to the internet - most of the time clients use some RESTful HTTP API or something similar. Because of that there is usually no need to protect database from DOS attacks.

Internet facing services usually have some sort of protection - it is true for all major HTTP servers, SMTP and others.

To be honest, I am not sure if Rabbit was designed to be internet facing or it was created to be used only in a trusted environment. I just assumed it is ok to put it into public internet because of other people doing so.

I will check CloudAMQP out.

Thanks!


> On 8 Mar 2014, at 15:00, Michael Klishin <mklishin at gopivotal.com> wrote:
> 
> 
>> On 8 Mar 2014, at 18:54, Dmitry Andrianov <dmitry.andrianov at alertme.com> wrote:
>> 
>> Well, creation of exchanges and queues we can at least control with some auth plugin so we can try protecting from these types of DOS. However with connections there seem to be no way to solve it. If no ulimit is used - we are susceptible to that OOM DOS. And if we set ulimit, it is still possible to DOS us - Rabbit won't die but won't accept connections from consumers either.
>> 
>> I will look into limiting connections by the means if OS or Amazon ELB but it feels like that kind of DOS protection should be part of Rabbit itself.
> 
> Services such as CloudAMQP monitor connections/channels/queues/etc over HTTP API and force close
> those that use too many resources.
> 
> One can argue that you can DOS any service, e.g. MySQL, exposed to the public Internet, by flooding it with writes.
> Some form of connection monitoring will likely be necessary anyway.
> 
> MK
> 
> Software Engineer, Pivotal/RabbitMQ
> 
> 
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.

AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.




More information about the rabbitmq-discuss mailing list