[jadmin] router bug ????

Felipe Vasconcellos fbvasconcellos at gmail.com
Mon Nov 20 13:17:02 CST 2006


Hello.

I think I've found a bug in the jabberd2s11 router.

My organization has now reached about 220 simultaneous users, and then this
began to happen (a few times, but it is happening again):

Nov 20 16:31:54  jabberd/router[7970]: [127.0.0.1, port=50750] error: XML
parse error (not well-formed (invalid token))
Nov 20 16:31:54  jabberd/router[7970]: [127.0.0.1, port=50750] disconnect
Nov 20 16:31:54  jabberd/router[7970]: [_domain_] offline

.......... various users disconnected, I think all of them, didn't count
them ..........
Nov 20 16:31:54  jabberd/c2s[8008]: [8] [IP1, port=38904] disconnect
Nov 20 16:31:54  jabberd/c2s[8008]: [105] [IP2, port=44811] disconnect
Nov 20 16:31:54  jabberd/c2s[8008]: [121] [IP3, port=1091] disconnect
Nov 20 16:31:54  jabberd/c2s[8008]: [163] [IP4, port=1086] disconnect
Nov 20 16:31:54  jabberd/c2s[8008]: [197] [IP5, port=1196] disconnect
Nov 20 16:31:54  jabberd/c2s[8008]: [230] [IP6, port=1394] disconnect
.......... various users disconnected, I think all of them, didn't count
them ..........

then, the server comes back ****without any human intervention****

Nov 20 16:31:56  jabberd/c2s[8008]: [15] [IPn, port=4522] connect
Nov 20 16:31:56  jabberd/c2s[8008]: [17] [IPn+1, port=2224] disconnect
Nov 20 16:31:56  jabberd/sm[7986]: attempting connection to router at
127.0.0.1, port=5347
Nov 20 16:31:56  jabberd/router[7970]: [127.0.0.1, port=50831] connect
Nov 20 16:31:56  jabberd/router[7970]: [127.0.0.1, port=50831] authenticated
as jabberd
Nov 20 16:31:56  jabberd/sm[7986]: connection to router established
Nov 20 16:31:56  jabberd/router[7970]: [_domain_] online (bound to 127.0.0.1,
port 50831)

Nov 20 16:31:56  jabberd/c2s[8008]: [17] [IP, port=3227] connect
Nov 20 16:31:56  jabberd/sm[7986]: ready for sessions
Nov 20 16:31:56  jabberd/c2s[8008]: [11] auth succeeded: username=XXX,
resource=YYY
Nov 20 16:31:56  jabberd/c2s[8008]: [11] requesting session:
jid=XXX at _domain_/YYY
Nov 20 16:31:56  jabberd/c2s[8008]: [19] [IP, port=3055] connect
Nov 20 16:31:56  jabberd/c2s[8008]: [23] [IP, port=3914] connect
Nov 20 16:31:56  jabberd/sm[7986]: session replaced: jid=XXX at _domain_/YYY


Today, it happened twice:
Nov 20 13:06:09  jabberd/router[7970]: [127.0.0.1, port=40184] error: XML
parse error (not well-formed (invalid token))
Nov 20 13:06:09  jabberd/router[7970]: [127.0.0.1, port=40184] disconnect
Nov 20 13:06:09  jabberd/router[7970]: [_domain_] offline
Nov 20 13:06:09  jabberd/sm[7986]: error from router: Stream error (not
well-formed (invalid token))
Nov 20 13:06:09  jabberd/sm[7986]: connection to router closed
Nov 20 13:06:09  jabberd/sm[7986]: attempting reconnect (3 left)
Nov 20 13:06:09  jabberd/c2s[8008]: [8] [IP, port=1079] disconnect
Nov 20 13:06:09  jabberd/c2s[8008]: [100] [IP, port=1080] disconnect
Nov 20 13:06:09  jabberd/c2s[8008]: [102] [IP, port=1073] disconnect

... same process...

Nov 20 13:06:11  jabberd/router[7970]: [127.0.0.1, port=45463] connect
Nov 20 13:06:11  jabberd/router[7970]: [127.0.0.1, port=45463] authenticated
as jabberd
Nov 20 13:06:11  jabberd/sm[7986]: connection to router established
Nov 20 13:06:11  jabberd/router[7970]: [_domain_] online (bound to 127.0.0.1,
port 45463)
Nov 20 13:06:11  jabberd/sm[7986]: ready for sessions
Nov 20 13:06:14  jabberd/c2s[8008]: [8] [IP, port=1720] connect
Nov 20 13:06:14  jabberd/c2s[8008]: [10] [IP, port=3949] connect


When this happens, the jabber client disconnects from the server...... as if
the server was down, but it is NOT!! The server is still running and accepting
connections.... as you can see in these logs. After a few seconds, the
client connects again.

I thought of two hypotheses:

1) some kind of attack
2) An unhandled token by the software, because I've searched the database and
found some strange things in the roster-items table, like jid = just_a_name, jid
= username at not_resolvable_address

I have deleted them from the database, let's see if this happens again.

Supposing it is an attack, how can I set a security policy in jabberd2s11?
I mean, is it possible to tell the s2s to only accept some range of
IPs, or domains (better)? And what about the router and resolver?

Thanks guys! I hope I can help.
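
Editor's added example (not part of the original post, and not jabberd2 code): a small log correlator for the pattern shown in the logs above, where a router "XML parse error" is followed by the domain going offline, a burst of c2s disconnects, and the domain coming back online. The sample lines are constructed from the format quoted in the post (unwrapped, with documentation IP addresses); the function name, the `year` default and the 10-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on the syslog lines quoted in the post.
SAMPLE_LOG = """\
Nov 20 13:06:09  jabberd/router[7970]: [127.0.0.1, port=40184] error: XML parse error (not well-formed (invalid token))
Nov 20 13:06:09  jabberd/router[7970]: [127.0.0.1, port=40184] disconnect
Nov 20 13:06:09  jabberd/router[7970]: [_domain_] offline
Nov 20 13:06:09  jabberd/c2s[8008]: [8] [192.0.2.10, port=1079] disconnect
Nov 20 13:06:09  jabberd/c2s[8008]: [100] [192.0.2.11, port=1080] disconnect
Nov 20 13:06:10  jabberd/c2s[8008]: [102] [192.0.2.12, port=1073] disconnect
Nov 20 13:06:11  jabberd/router[7970]: [_domain_] online (bound to 127.0.0.1, port 45463)
Nov 20 13:06:14  jabberd/c2s[8008]: [8] [192.0.2.10, port=1720] connect
Nov 20 14:02:30  jabberd/c2s[8008]: [9] [192.0.2.13, port=2000] disconnect
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) +jabberd/(\w+)\[\d+\]: (.*)$")
PEER = re.compile(r"^\[([^\]]+), port=(\d+)\] ")

def find_incidents(text, year=2006, window=timedelta(seconds=10)):
    """Group each router XML parse error with the fallout that follows it."""
    incidents, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or unrelated line
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        comp, msg = m.group(2), m.group(3)
        if comp == "router" and "XML parse error" in msg:
            p = PEER.match(msg)
            cur = {"start": ts, "peer": f"{p.group(1)}:{p.group(2)}" if p else None,
                   "offline": [], "dropped": 0, "outage_s": None}
            incidents.append(cur)
        elif cur and cur["outage_s"] is None and ts - cur["start"] <= window:
            if comp == "router" and msg.endswith("] offline"):
                cur["offline"].append(msg[1:msg.index("]")])
            elif comp == "router" and "] online" in msg:
                cur["outage_s"] = (ts - cur["start"]).total_seconds()
            elif comp == "c2s" and msg.endswith(" disconnect"):
                cur["dropped"] += 1  # client sessions lost during the outage
    return incidents

if __name__ == "__main__":
    for inc in find_incidents(SAMPLE_LOG):
        print(inc)
```

The `peer` field records which router connection delivered the malformed XML; in the logs quoted in the post it is a loopback address, so the bad stanza reached the router over a local component link rather than directly from a remote host.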