AdIDoS: Attack runs for hours, doesn´t finish #13
Description
Sometimes the execution of the AdiDoS plugin doesn´t finish even after more than 24 hours.
The log shows the following entry multiple times:
INFO [DefaultHttpClient] I/O exception (java.net.SocketException) caught when processing request: Connection reset by peer: socket write error
INFO [DefaultHttpClient] Retrying request
This problem seems to occur when the sent requests result in a huge memory consumption on the machine the web service runs on.
One time the first log entry appeared at the exact moment the web service showed the following exception:
java.lang.OutOfMemoryError: Java heap space
java.lang.OutOfMemoryError: GC overhead limit exceeded
While the web service seems to recover after some time the plugin seems to be stuck at a certain point of the execution (the plugin seems to still send new requests) and doesn´t finish after more than 24 hours. The user must manually abort the execution to stop the plugin.
The problem occured when executing
- the Element Count attack against the "Metro-Sign" sample web service
- the XML Overlong Names attack against the "Axis2-1" sample web service
- all attacks of the AdIDoS plugin within one test against the "CXF-Enc" sample web service
The problem did not occur during every execution of the above mentioned attacks.