[Zope] memory leaks and worms

sean.upton@uniontrib.com sean.upton@uniontrib.com
Thu, 20 Sep 2001 09:09:48 -0700


If anyone can verify that this is actually a problem, I'll apply the Squid
ACLs on my Proxy today...  I wasn't too worried since I don't run any II$
servers, but if there is an accidental effect of denial-of-service...

Anyone know if this might actually be a problem, or the nature of it?

Sean

-----Original Message-----
From: Toby Dickenson [mailto:tdickenson@devmail.geminidataloggers.co.uk]
Sent: Thursday, September 20, 2001 7:34 AM
To: Paul Zwarts
Cc: zope@zope.org
Subject: Re: [Zope] memory leaks and worms


On Thu, 20 Sep 2001 15:24:02 +0200, "Paul Zwarts" <paz@oratrix.com>
wrote:

>Has anyone had experience with the results of Nimda and CodeRed over
>zope? I have a suspicion that these worms cause memory leaks on the
>python process. Although the exploits are designed for MicroSnooze
>servers, Zope of course tries to parse them anyhow, sometimes throwing
>exceptions at a lower level than the standard_error_page, thus
>disallowing me to write dtml or python to intercept it. The result,
>_I_think_ is a memory leak because zope isn't cleaning itself up. But I'm
>at a loss how to prove this....

If you have your Zope connected to the internet then there are lots of
good reasons to use a front-end proxy, such as Squid or
Apache/mod_proxy, rather than exposing a 'raw' ZServer.

medusa's http implementation (used by ZServer) is not as robust as it
could be, and there are several denial-of-service attacks which are
blocked by Squid and Apache in their default configurations.

The Squid mailing list today had some posts discussing rules for
blocking such requests.

I hope this helps,

Toby Dickenson
tdickenson@geminidataloggers.com

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
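
Added example, not part of the thread or of Zope or Squid: a way to count how many Code Red and Nimda probes are reaching a server, so the volume can be compared against memory growth before deciding whether to filter at the proxy. The request-path signatures are the publicly documented ones for these worms; the function names and the log lines are constructed for illustration, and the log is assumed to be in Common Log Format.

```python
import re
from collections import Counter

# Request-path signatures of the two IIS worms named in the thread.
# They only exploit IIS; on other servers they show up as failed requests.
SIGNATURES = {
    "codered": re.compile(r"^/default\.ida\?", re.I),
    "nimda": re.compile(r"(?:cmd|root)\.exe(?:\?|$)", re.I),
}

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def classify(path):
    """Return the worm name whose signature matches path, or None."""
    for name, rx in SIGNATURES.items():
        if rx.search(path):
            return name
    return None


def summarise(lines):
    """Return (hits per worm, hits per client) for worm probes in lines."""
    by_worm, by_client = Counter(), Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not valid CLF entries
        host, _method, path, _status = m.groups()
        worm = classify(path)
        if worm:
            by_worm[worm] += 1
            by_client[host] += 1
    return by_worm, by_client


# Constructed sample log lines (documentation IP ranges, shortened payloads).
SAMPLE = [
    '192.0.2.10 - - [20/Sep/2001:09:01:02 -0700] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 312',
    '192.0.2.44 - - [20/Sep/2001:09:01:05 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 298',
    '192.0.2.44 - - [20/Sep/2001:09:01:06 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310',
    '198.51.100.7 - - [20/Sep/2001:09:02:00 -0700] "GET /index_html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    worms, clients = summarise(SAMPLE)
    print(dict(worms), dict(clients))
```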