
Real life XMPP Instant Messaging

Date post:24-Jan-2015
Description:
Real life XMPP: how to deploy and manage your public and/or large-scale XMPP server. Cases of misbehaviour and abuse.
Transcript:
  • 1. XMPP in real life: attacks, bad behaviour and how to cope with them. 7 February 2009, FOSDEM 2009. Mickaël Rémond

2-8. Background: What we do
  - Company created in 1999
  - 20 employees
  - Specialized in Instant Messaging since 2002
  - Involved in ejabberd since 2002. ProcessOne produced 98% of the code.
  - Complete stack of Instant Messaging software
  - Two main activities:
    - software: complete software solution for IM
    - expertise: renowned company for high-availability, scalability and custom solutions (consulting, development and hosting)
  - Several tens of large customers, spread across the world (large scale: worldwide leader; specific needs: renowned expertise)

9-12. XMPP deployment types
  - Visible public servers: "the sandbox". Not necessarily large scale, but very unusual behaviours, clients and usage patterns.
  - Large scale servers:
    - Large scale in terms of registered or simultaneous users: large scale starts after a million registered users and/or hundreds of thousands of simultaneous connections.
    - Large scale in terms of throughput: at least tens of thousands of packets per second, or tens of thousands of users in a MUC room or subscribed to a pubsub node, etc.
  - Experience of large clusters with several tens of millions of registered users and more than 500 000 simultaneous users.

13-18. Challenges of real life XMPP
  - Uptime. Uptime! Uptime!! Everything else derives from this; performance and scalability are challenges because of it.
  - When a server is restarted:
    - it faces a reconnect storm from clients that log in again
    - it needs to resync the complete presence state with most of its known s2s servers
    - it reconnects the user accounts on gateways
    - ...
  - You need to:
    - be able to monitor lots of values to detect trouble, and have tools to keep the server online during the trouble phase (otherwise it crashes and things get worse)
    - be able to perform maintenance tasks and upgrade code live

19-25. Case 1: XMPP as a proxy
  - Symptom: a sandbox XMPP server crashes regularly.
  - First challenge: detect the possible abuser.
  - Use of our toolkit (TeamLeader console) to analyse traffic patterns.
  - Correlate the crash to a given user:
    - large number of packets sent when online
    - large bandwidth consumption
  - Dump the traffic of this user for analysis.
  - Traffic reveals that the user:
    - has deployed XMPP bots at work on his servers
    - is using the public server to get control of his servers
    - basically, shell over XMPP
  - Response: need to detect abnormal usage patterns and trigger alerts.

26-30. Case 2: Client bad behaviours
  - Symptom: abnormal memory consumption, sometimes leading to a crash.
  - The source of the problem had been client behaviour, which generates an undue load on the server:
    - Example: a client does not reply to some IQ stanzas (PEPS / CAPS). The server waits for the reply until timeout; depending on the type of processing, this can be blocking.
    - Example: a client that sends too many presences. Large presence broadcast, especially in MUC rooms.
  - Need to restrict the ability to perform those patterns:
    - limit the interval for sending presences in chat rooms
    - limit resource consumption in general

31-38. Case 3: Multi User Chat
  - MUC room attacks are the most common case of abuse:
    - create a lot of persistent MUC rooms
    - join a lot of MUC rooms
    - join / leave a MUC room quickly
    - join lots of users in a single room
    - change presence to bypass voice
    - flood with messages
    - use large values to attack the server or the client (large room names, large nicknames, etc.)

39-41. Case 4: Bots
  - Symptom: server crash.
  - Reduced to a crash when some special user connects (every time).
  - Bots send message
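As an added illustration (not code from the talk or from ejabberd), the two controls the cases above call for, run over a constructed stanza log: per-user packet and byte accounting that flags an account relaying bulk traffic through the server (Case 1), and a minimum interval between presence stanzas to the same MUC room (Cases 2 and 3). The JIDs, thresholds and the "muc." subdomain convention are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_s, from_jid, stanza_kind, to_jid, size_bytes).
# "bot@example.org" relays large payloads between its own resources (Case 1);
# alice re-sends her room presence 0.2 s after the previous one (Cases 2 / 3).
STANZAS = [
    (0.0, "alice@example.org/pc", "message", "bob@example.org", 120),
    (0.5, "bot@example.org/srv1", "message", "bot@example.org/srv2", 4096),
    (0.6, "bot@example.org/srv1", "message", "bot@example.org/srv2", 4096),
    (0.7, "bot@example.org/srv2", "message", "bot@example.org/srv1", 65536),
    (0.8, "bot@example.org/srv1", "message", "bot@example.org/srv2", 4096),
    (1.0, "alice@example.org/pc", "presence", "room@muc.example.org/alice", 90),
    (1.2, "alice@example.org/pc", "presence", "room@muc.example.org/alice", 90),
    (9.0, "alice@example.org/pc", "presence", "room@muc.example.org/alice", 90),
]

def bare_jid(jid):
    """Strip the resource: user@host/resource -> user@host."""
    return jid.split("/", 1)[0]

def account_traffic(stanzas, max_pps=3, max_bytes_per_s=50_000):
    """Case 1: bucket packets and bytes per bare JID and per second; return the
    JIDs (with their offending buckets) that exceed either threshold, for alerting."""
    pkts, byts = defaultdict(int), defaultdict(int)
    for ts, frm, _kind, _to, size in stanzas:
        key = (bare_jid(frm), int(ts))
        pkts[key] += 1
        byts[key] += size
    alerts = {}
    for (jid, sec), n in pkts.items():
        if n > max_pps or byts[(jid, sec)] > max_bytes_per_s:
            alerts.setdefault(jid, []).append((sec, n, byts[(jid, sec)]))
    return alerts

def muc_presence_limiter(stanzas, min_interval_s=5.0):
    """Cases 2/3: drop a presence sent to the same room by the same full JID sooner
    than min_interval_s after the last accepted one. Returns (accepted, rejected)."""
    last_seen, accepted, rejected = {}, [], []
    for st in stanzas:
        ts, frm, kind, to, _size = st
        # Assumed convention for this example: MUC rooms live under a "muc." subdomain.
        is_room = bare_jid(to).split("@", 1)[-1].startswith("muc.")
        if kind != "presence" or not is_room:
            accepted.append(st)
            continue
        key = (frm, bare_jid(to))
        prev = last_seen.get(key)
        if prev is not None and ts - prev < min_interval_s:
            rejected.append(st)  # would otherwise be broadcast to every occupant
        else:
            last_seen[key] = ts
            accepted.append(st)
    return accepted, rejected
```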
