Java has few provisions for identifying denial of service attacks. The common attacks are busy-waiting to consume CPU cycles, allocating memory until the system runs out, and starving other threads and system processes. The memory and CPU attacks are very difficult to handle because many genuine applications might need large amounts of resources.
The code segment below can lock the status line at the bottom of the HotJava browser, effectively preventing it from loading any more pages.
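    // Take the monitor of the class object and never release it:
    // every other thread that synchronizes on this class now blocks.
    synchronized (Class.forName("net.www.html.MeteredStream")) {
        while (true) Thread.sleep(10000);
    }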
In Netscape, this attack can lock the java.net.InetAddress class, blocking all hostname lookups and hence all new network connections. This attack could be prevented by using wrappers around these classes and preventing access to locks.
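The mitigation above, shown as an added example that is not part of the original page: a class that synchronizes on a private lock object keeps working while other code holds its class monitor, whereas a class with a static synchronized method blocks. The class names ExposedLookup and GuardedLookup, the host name and the 500 ms timeout are assumptions made for illustration, and the code uses present-day Java (java.util.concurrent, lambdas) rather than the 1996 API.

```java
import java.util.concurrent.*;

public class PrivateLockDemo {
    // Exposed: a static synchronized method locks on the Class object,
    // which any code that can name the class can also lock.
    static class ExposedLookup {
        static synchronized String resolve(String host) { return "resolved:" + host; }
    }

    // Hardened: the monitor is a private object that outside code cannot reach.
    static class GuardedLookup {
        private static final Object LOCK = new Object();
        static String resolve(String host) {
            synchronized (LOCK) { return "resolved:" + host; }
        }
    }

    // Runs the call on a worker thread; false means it did not finish in time.
    static boolean completes(Callable<String> call, ExecutorService pool) throws Exception {
        Future<String> result = pool.submit(call);
        try {
            result.get(500, TimeUnit.MILLISECONDS);
            return true;
        } catch (TimeoutException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newCachedThreadPool();
        CountDownLatch held = new CountDownLatch(1);
        CountDownLatch release = new CountDownLatch(1);
        // Stand-in for untrusted code: takes both class monitors and holds them.
        Thread holder = new Thread(() -> {
            synchronized (ExposedLookup.class) {
                synchronized (GuardedLookup.class) {
                    held.countDown();
                    try { release.await(); } catch (InterruptedException ignored) { }
                }
            }
        });
        holder.start();
        held.await();   // wait until both class monitors are held
        System.out.println("exposed completes: " + completes(() -> ExposedLookup.resolve("example.test"), pool));
        System.out.println("guarded completes: " + completes(() -> GuardedLookup.resolve("example.test"), pool));
        release.countDown();   // let the blocked call finish so the JVM can exit
        holder.join();
        pool.shutdown();
    }
}
```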
There are two variations of denial of service attacks. An attack can be made to occur after a time delay, so that the failure probably occurs while the user is viewing some other page, thus masking the source of the attack. Another type is the degradation of service attack, where there is no outright denial of service but the performance of the browser is significantly reduced.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996