Using
java 1.6.14 with
jboss 4.3 ( i think server does not matter ) -
read about that the ssl vulnerability :
http://stackoverflow.com/questions/1623676/suns-java-ssl-implementation-is-leaking-memory
http://nuxx.net/blog/2012/02/20/ms12-006-and-http-408-errors/
http://support.microsoft.com/kb/2638806
http://technet.microsoft.com/en-us/security/bulletin/ms12-006
http://stackoverflow.com/questions/1623676/suns-java-ssl-implementation-is-leaking-memory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK16095
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#descPhase2
what i want : a java or php script - that directly calls it self or a new java process (the new process will start a class based on your code too)
to make connections to the server that ask it to make a new SSL session, this increasing the RAM used by the JVM and crashing it eventually
Do not want a simple DOS attack. Each hit of this kind should increase the memory used by the JVM by a MB
So if the server has a max of 1GB, in about 800 or so hits it should max out. thanks
i tried making a simple ssl connection using :
1. URL
2. Socket
3. apache http client
but no go - ran it all night from 2 desktops hitting the server every second and memory is fine.
changing program to call a process - maybe if its a new jvm a new session is made. but out of ideas after that! any help will be appreciated. (looked at owasp and googled but did not find any thing like a
test program to re create)