[jcifs] JCIFS Denial of Service Problem

Woytasik Joe Joe.Woytasik at sentry.com
Fri May 22 19:42:46 GMT 2009 

JCIFS Version: 1.2.25
 
We are using JCIFS to perform authentication for a web app.  On our
domain controller we are seeing several denial of service messages that
correlate with an event in our JCIFS logging.  I have included the error
message and our JCIFS config below.  Any information regarding the error
below or denial of service solutions would be appreciated.
 
Error Message:
jcifs.smb.SmbException: Transport20 timedout waiting for response to
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false
,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=616,tid=0,pid=33690,uid=
0,mid=152,wordCount=13,byteCount=97,andxCommand=0x75,andxOffset=158,snd_
buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24
,unicodePasswordLength=0,capabilities=4180,accountName=XXXXXX,primaryDom
ain=XXXXXXX,NATIVE_OS=Windows 2003,NATIVE_LANMAN=jCIFS]
jcifs.util.transport.TransportException: Transport20 timedout waiting
for response to
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false
,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=616,tid=0,pid=33690,uid=
0,mid=152,wordCount=13,byteCount=97,andxCommand=0x75,andxOffset=158,snd_
buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24
,unicodePasswordLength=0,capabilities=4180,accountName=XXXXXX,primaryDom
ain=XXXXXXX,NATIVE_OS=Windows 2003,NATIVE_LANMAN=jCIFS]
 at jcifs.util.transport.Transport.sendrecv(Transport.java:76)
 at jcifs.smb.SmbTransport.send(SmbTransport.java:619)
 at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:288)
 at jcifs.smb.SmbSession.send(SmbSession.java:233)
 at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
 at jcifs.smb.SmbSession.logon(SmbSession.java:169)
 at jcifs.smb.SmbSession.logon(SmbSession.java:162)
 at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:182)
 at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:233)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:175)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:128)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:102)
 at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563
)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2
63)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:84
4)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:584)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Unknown Source)
 
 at jcifs.smb.SmbTransport.send(SmbTransport.java:626)
 at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:288)
 at jcifs.smb.SmbSession.send(SmbSession.java:233)
 at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
 at jcifs.smb.SmbSession.logon(SmbSession.java:169)
 at jcifs.smb.SmbSession.logon(SmbSession.java:162)
 at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:182)
 at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:233)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:175)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:128)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:102)
 at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563
)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2
63)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:84
4)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:584)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Unknown Source)
 
JCIFS Configuration:
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <filter>
  <filter-name>NtlmHttpFilter</filter-name> 
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class> 
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.resolveOrder</param-name> 
  <param-value>DNS</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.http.domainController</param-name> 
  <param-value>XXXXXX</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.smb.client.domain</param-name> 
  <param-value>XXXXXXX</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.smb.client.username</param-name> 
  <param-value>XXXXXX</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.smb.client.password</param-name> 
  <param-value>XXXXXXX</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.http.loadBalance</param-name> 
  <param-value>false</param-value> 
  </init-param>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <init-param>
  <param-name>jcifs.util.loglevel</param-name> 
  <param-value>0</param-value> 
  </init-param>
  </filter>
- <file://shobps02/d$/Tomcat_PC_Batch/conf/web.xml#>  <filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name> 
  <url-pattern>/*</url-pattern> 
  </filter-mapping>

This e-mail is confidential.  If you are not the intended recipient, you must not disclose or use the information contained in it.  If you have received this e-mail in error, please tell us immediately by return e-mail to Email.Control at sentry.com and delete the document.

E-mails containing unprofessional, discourteous or offensive remarks violate Sentry policy. You may report employee violations by forwarding the message to Email.Control at sentry.com.

No recipient may use the information in this e-mail in violation of any civil or criminal statute. Sentry disclaims all liability for any unauthorized uses of this e-mail or its contents.

This e-mail constitutes neither an offer nor an acceptance of any offer. No contract may be entered into by a Sentry employee without express approval from an authorized Sentry manager.

Warning: Computer viruses can be transmitted via e-mail. Sentry accepts no liability or responsibility for any damage caused by any virus transmitted with this e-mail.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list