T
Twisted
This happened accidentally, but an attacker might use this
intentionally in a hostile applet to perpetrate a denial of service
attack.
I had a Java app compile and run that generated ~200 threads accessing
the network. It suddenly stopped functioning; it hadn't hung -- the UI
still worked -- but the network activity dropped to zero and it
wouldn't do anything. (Picture a Web browser that works, except every
attempt to go to a page produces a timeout or the browser just spins.
Sort of like that: the UI is working but the backend isn't.)
Naturally, suspecting a bug, I exited and went to rerun the app, this
time attaching a debugger process. Failed. Eclipse showed "Launching
(83%)..." and stuck there. Details showed "searching for free socket"
or some such.
At this point I discovered that almost every other network using app on
the system had locked up. Shareaza, MSN messenger, etc. -- Firefox was
the only survivor, and it would not function (see above description of
semi-functional Web browser; this was Firefox after the accident).
Task Manager showed two Java tasks, one with over 100 threads;
presumably the app that was supposed to have exited. I repeatedly
attacked it with "End Process" and "End Process Tree"; no effect.
Eclipse, when exited, likewise remained as a headless zombie: no
visible UI but still an Eclipse process and a Java task with a couple
of threads. Neither could be killed.
After over half an hour, none of the tasks had exited that had been
told in various increasingly imperative ways to terminate, and the
network remained unusable. I concluded I had to reboot.
To top it off, a clean reboot wasn't possible -- the system would close
a couple apps then just sit there. I had to power-cycle the fucking
box! This on an NT kernel OS and with the trigger being Java, the
paragon of security and non-crashingness? What the ****?!
Now I've lost all my open Explorer folders and various other
inconveniences can all be laid at the doorstep of ... whatever the ****
it was that happened.
Can anyone explain this event? Opening a lot of network connections
shouldn't be a problem on XP, and it sure as hell shouldn't render the
system unusable to the point of forcing a cold boot. Even if the Java
app ate all the free network sockets, it should have been terminatable,
and killing it should have released the sockets. Even terminating other
tasks (such as the nonresponsive Shareaza) that used the network didn't
free any up (Shareaza, when end-tasked, disappeared promptly from all
task and process lists, but Firefox didn't magically start working
again).
Annoyingly, the system help also stopped working(!); I was desperate
enough to actually resort to Help and Support Center to find info on
terminating processes and/or freeing sockets, given that the usual
first-resort, Google, was rendered unavailable by the problem.
This Should Not Have Happened.
We have at least 3 separate problems:
* Java can do things that DoS a Win32 box, without doing anything but
open sockets.
Applets can open sockets (though only back to the originating site);
Win32 boxen are
extremely commonplace. You do the math.
* Windows XP SP2, with all the latest updates (including and especially
security updates),
allows a single app to hog all the network sockets, and apps that
want a socket but
can't get one seem usually to hang rather than gracefully report an
error condition to the
user.
* And it does not seem to properly "terminate with prejudice" an
unresponsive process or
free up resources one had when it does terminate it successfully. Is
there no equivalent of
"kill -9", via Task Manager or otherwise, even when you're logged on
as administrator?
It looks like some problems (can't kill processes, processes can kill
parts of the system's overall functionality, killed tasks don't always
have their resources released by the OS) from the bad old days of
Windows 3.1 are still present and accounted for...
Win32 SP2 with all security fixes;
JDK/JRE 1.5.0_06 (latest, as of a couple weeks ago anyway)
intentionally in a hostile applet to perpetrate a denial of service
attack.
I had a Java app compile and run that generated ~200 threads accessing
the network. It suddenly stopped functioning; it hadn't hung -- the UI
still worked -- but the network activity dropped to zero and it
wouldn't do anything. (Picture a Web browser that works, except every
attempt to go to a page produces a timeout or the browser just spins.
Sort of like that: the UI is working but the backend isn't.)
Naturally, suspecting a bug, I exited and went to rerun the app, this
time attaching a debugger process. Failed. Eclipse showed "Launching
(83%)..." and stuck there. Details showed "searching for free socket"
or some such.
At this point I discovered that almost every other network using app on
the system had locked up. Shareaza, MSN messenger, etc. -- Firefox was
the only survivor, and it would not function (see above description of
semi-functional Web browser; this was Firefox after the accident).
Task Manager showed two Java tasks, one with over 100 threads;
presumably the app that was supposed to have exited. I repeatedly
attacked it with "End Process" and "End Process Tree"; no effect.
Eclipse, when exited, likewise remained as a headless zombie: no
visible UI but still an Eclipse process and a Java task with a couple
of threads. Neither could be killed.
After over half an hour, none of the tasks had exited that had been
told in various increasingly imperative ways to terminate, and the
network remained unusable. I concluded I had to reboot.
To top it off, a clean reboot wasn't possible -- the system would close
a couple apps then just sit there. I had to power-cycle the fucking
box! This on an NT kernel OS and with the trigger being Java, the
paragon of security and non-crashingness? What the ****?!
Now I've lost all my open Explorer folders and various other
inconveniences can all be laid at the doorstep of ... whatever the ****
it was that happened.
Can anyone explain this event? Opening a lot of network connections
shouldn't be a problem on XP, and it sure as hell shouldn't render the
system unusable to the point of forcing a cold boot. Even if the Java
app ate all the free network sockets, it should have been terminatable,
and killing it should have released the sockets. Even terminating other
tasks (such as the nonresponsive Shareaza) that used the network didn't
free any up (Shareaza, when end-tasked, disappeared promptly from all
task and process lists, but Firefox didn't magically start working
again).
Annoyingly, the system help also stopped working(!); I was desperate
enough to actually resort to Help and Support Center to find info on
terminating processes and/or freeing sockets, given that the usual
first-resort, Google, was rendered unavailable by the problem.
This Should Not Have Happened.
We have at least 3 separate problems:
* Java can do things that DoS a Win32 box, without doing anything but
open sockets.
Applets can open sockets (though only back to the originating site);
Win32 boxen are
extremely commonplace. You do the math.
* Windows XP SP2, with all the latest updates (including and especially
security updates),
allows a single app to hog all the network sockets, and apps that
want a socket but
can't get one seem usually to hang rather than gracefully report an
error condition to the
user.
* And it does not seem to properly "terminate with prejudice" an
unresponsive process or
free up resources one had when it does terminate it successfully. Is
there no equivalent of
"kill -9", via Task Manager or otherwise, even when you're logged on
as administrator?
It looks like some problems (can't kill processes, processes can kill
parts of the system's overall functionality, killed tasks don't always
have their resources released by the OS) from the bad old days of
Windows 3.1 are still present and accounted for...
Win32 SP2 with all security fixes;
JDK/JRE 1.5.0_06 (latest, as of a couple weeks ago anyway)