TEC Workbook - IBM
TEC Workbook - IBM
TEC Workbook - IBM
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>IBM</strong> Software<br />
● MegaTags – Otherwise valid XML messages containing excessively long element names,<br />
or an excessive number of tags. This attack may also lead to buffer overruns.<br />
● Coercive parsing – XML messages specially constructed to be difficult to parse, resulting<br />
in excessive resource consumption in the target machine.<br />
● Public key DoS – Utilizing the asymmetric nature of public key operations to force<br />
resource exhaustion on the recipient by transmitting a message with a large number of<br />
long-key-length, computationally expensive digital signatures.<br />
Multiple message XDoS (MMXDoS) attacks may have the following characteristics:<br />
● XML flood – sending thousands of otherwise benign messages per second to tie up a<br />
Web service. This attack can be combined with Replay attack to bypass authentication,<br />
and with Single message XDoS to increase its impact.<br />
● Resource hijack – sending messages that lock or reserve resources on the target server<br />
as part of a never-completed transaction.<br />
__1. At the top of the Multi-Protocol Gateway configuration form is a set of tabs. At the right and left<br />
side of the tabs are arrow images. Moving the cursor over the arrow (without clicking) will cause<br />
the tabs to shift left or right. Move the mouse over the right arrow until the XML Threat Protection<br />
tab is visible.<br />
__2. Click on the XML Threat Protection tab.<br />
__3. In the Single Message XML Denial of Service section, click the on radio button for Gateway<br />
parser limits.<br />
Notice that the XDoS protection is highly customizable.<br />
__4. Click the off button for Gateway parser limits.<br />
__5. In the Multiple Message XML Denial of Service section, click the on radio button for Enable<br />
MMXDoS Protection.<br />
__6. Click the off button for Enable MMXDos Protection.<br />
Page 50 WebSphere Lab Jam