Question

I'm running an e-Commerce site which "crashes" regularly. Usually, I'm seeing an insane number of sessions open (600-900 on normal days, 5000-20000 on crashes). I would like to determine where these sessions originate.

I'm trying to use Lambda Probe, but it doesn't seem to help. Most sessions there are listed in the sessions view with an unknown "Last IP".

This occurrence is either a DoS attack or some logic problem inside the application, and I would like to determine which it is. Is there any way to more accurately determine the origin of a session than the Lambda Probe session view? Or are there parameters to fix this "unknown" display? After all, if a session is opened, there had to be a SYN packet somewhere, and this would have had an IP address.

Lastly, I have a self-written filter to store the active sessions in memory for display in the program, but when this happens, the server does not have enough resources left to display this list.

Any help will be greatly appreciated.

Solution

If anybody's interested in this still: It actually was a DoS attack. As there's hardly any good way to prevent the creation of a session for a request that hasn't been seen yet (cookies and session-ids are stripped from the requests of course), we finally solved this by using dedicated firewall rules for this purpose.
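
An added example, not part of the original question or answer: one way to attribute session creation to client addresses without keeping a session list in server memory is to analyse the access log offline. It assumes each log line has the layout `client-ip session-id "request" status` (on Tomcat, an AccessLogValve pattern such as `%a %S "%r" %s` produces this, with `-` when there is no session); the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout: <client-ip> <session-id or -> "<request line>" <status>
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\d{3})$')

# Constructed sample: one returning shopper, one client whose every
# request arrives without a cookie and therefore opens a new session.
SAMPLE_LOG = """\
192.0.2.10 SID-A001 "GET / HTTP/1.1" 200
192.0.2.10 SID-A001 "GET /cart HTTP/1.1" 200
192.0.2.10 - "GET /static/logo.png HTTP/1.1" 200
203.0.113.5 SID-B001 "GET / HTTP/1.1" 200
203.0.113.5 SID-B002 "GET / HTTP/1.1" 200
203.0.113.5 SID-B003 "GET / HTTP/1.1" 200
203.0.113.5 SID-B004 "GET / HTTP/1.1" 200
this line is malformed and is skipped
"""

def sessions_by_client(lines):
    """Map client IP -> {session id -> number of requests carrying it}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) == "-":
            continue  # malformed line, or request without a session
        seen[m.group(1)][m.group(2)] += 1
    return seen

def suspicious_clients(lines, min_sessions=3, max_reuse_ratio=0.2):
    """Clients that open many sessions and almost never reuse one.

    Returns [(ip, session_count, reuse_ratio)], busiest first. The
    thresholds are assumptions and need tuning against normal traffic
    (proxies and NAT gateways legitimately hold many sessions).
    """
    report = []
    for ip, sids in sessions_by_client(lines).items():
        total = len(sids)
        reused = sum(1 for n in sids.values() if n > 1)
        ratio = reused / total
        if total >= min_sessions and ratio <= max_reuse_ratio:
            report.append((ip, total, ratio))
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, total, ratio in suspicious_clients(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {total} sessions, reuse ratio {ratio:.2f}")
```

A high session count with a reuse ratio near zero points to cookie-less traffic from that address; if sessions are instead spread evenly over many ordinary clients, the application logic is the more likely cause.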

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow