Hi,
I'm currently working for a client on a large project in Norway, and we are experiencing DOS problems using the AMQP protocol for sending messages to Service Bus Server 1.1 for Windows Server.
Every 1-3 days, our client gets a denial of service while connecting to the Service Bus through AMQP (port 5671). A restart of the SBFarm solves the problem. So that would indicate that somehow the IP that they are sending from gets "blacklisted" in the Service Bus process, and that the "blacklist" is reset after restart of the services. When this issue occurs, we do not see any error-logs on this on the Service Bus server, but our partner gets "Connection refused error" when they try to send messages to port 5671, and they are not able to telnet port 5671 anymore. Locally we are able to telnet 5671 and we are able to send messages to the queues.
Our partner is using an AMQP library referenced in this article (QPID): https://azure.microsoft.com/en-gb/documentation/articles/service-bus-amqp-java/
The client uses dynamic ports to send packets to the Service Bus.
The following link shows a relevant patch that should solve this known vulnerability: https://technet.microsoft.com/library/security/ms14-042
We have installed this patch, but we still experience random DOS on inbound AMQP to Service Bus. I've checked that the relevant DLLs (according to the link posted above) have the correct versions and that KB2972621 is installed on the environment.
About server side environment:
Windows Server 2012 R2
Service Bus 1.1 for Windows Server
About client side environment:
Oracle WebLogic Server
Apache QPID messaging API
Authentication from client to server through local AD (username, password), stored server certificate on client side.
We are really stuck on this issue, and would appreciate any suggestions or information that might be relevant to the issue we are experiencing.
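
A layered probe for the symptom described in the post (refused from the partner network, reachable locally), as an added example that is not part of the original post or of any Microsoft or Qpid tooling. It records whether a connection to port 5671 stops at TCP, at TLS, or at the AMQP 1.0 protocol header; the assumptions are that the listener speaks TLS first and then the AMQP 1.0 SASL header, and the name `probe_amqp` and the host `sb.example.internal` are hypothetical.

```python
import socket
import ssl

# AMQP 1.0 protocol header requesting the SASL security layer (protocol id 3).
AMQP_SASL_HEADER = b"AMQP\x03\x01\x00\x00"


def _read_exact(sock, n):
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_amqp(host, port=5671, timeout=5.0, tls_context=None):
    """Classify how far a connection gets: TCP, then TLS, then AMQP header."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"   # active rejection: no listener, or a device rejecting
    except socket.timeout:
        return "tcp-timeout"   # no answer at all: packets dropped on the path
    except OSError as exc:
        return f"tcp-error:{exc.errno}"
    try:
        if tls_context is not None:
            sock = tls_context.wrap_socket(sock, server_hostname=host)
        sock.sendall(AMQP_SASL_HEADER)
        reply = _read_exact(sock, len(AMQP_SASL_HEADER))
    except ssl.SSLError:
        return "tls-failed"    # TCP accepted, handshake or certificate check failed
    except (socket.timeout, OSError):
        return "no-reply"
    finally:
        sock.close()
    if reply == AMQP_SASL_HEADER:
        return "amqp-ok"
    return "unexpected-reply" if reply else "closed-after-connect"


if __name__ == "__main__":
    # Hypothetical host; the default context verifies the server certificate.
    ctx = ssl.create_default_context()
    print(probe_amqp("sb.example.internal", 5671, tls_context=ctx))
```

Running the same probe on a schedule from the partner network and from the Service Bus host, with timestamps, shows when the remote result changes to `tcp-refused` while the local one stays `amqp-ok`.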