We have been testing Elasticsearch for a while. Our ES cluster was on
AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There
were 5 instance (1 load balancer, 4 data node) and all of them were
version 0.90.
Yesterday, We have received an e-mail from AWS. They said one of our
instance in ES cluster was making DOS attacks from UDP port 80.
We did not restrict ports, because it was an test cluster. It can be
main cause of this problem, but I still want to ask if there is a known
bug (in ES or modules or plugins) that cause something like this or if
there is anyone who have seen some kind of similar problem.
We have been testing Elasticsearch for a while. Our ES cluster was on
AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There
were 5 instance (1 load balancer, 4 data node) and all of them were
version 0.90.
Yesterday, We have received an e-mail from AWS. They said one of our
instance in ES cluster was making DOS attacks from UDP port 80.
We did not restrict ports, because it was an test cluster. It can be
main cause of this problem, but I still want to ask if there is a known
bug (in ES or modules or plugins) that cause something like this or if
there is anyone who have seen some kind of similar problem.
You are right. We were aware that exposing cluster to internet was a bad
idea. It was a temporary situation. We are planing to use it behind an
application in our product.
Thanks for advice.
On 09-07-2014 12:01, David Pilato wrote:
3 bad things here:
You exposed your cluster to internet directly
You did not disable dynamic scripting
May be you are running your elasticsearch node as root?
We have been testing Elasticsearch for a while. Our ES cluster was on
AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There
were 5 instance (1 load balancer, 4 data node) and all of them were
version 0.90.
Yesterday, We have received an e-mail from AWS. They said one of our
instance in ES cluster was making DOS attacks from UDP port 80.
We did not restrict ports, because it was an test cluster. It can be
main cause of this problem, but I still want to ask if there is a known
bug (in ES or modules or plugins) that cause something like this or if
there is anyone who have seen some kind of similar problem.
You are right. We were aware that exposing cluster to internet was a bad
idea. It was a temporary situation. We are planing to use it behind an
application in our product.
Thanks for advice.
On 09-07-2014 12:01, David Pilato wrote:
3 bad things here:
You exposed your cluster to internet directly
You did not disable dynamic scripting
May be you are running your elasticsearch node as root?
We have been testing Elasticsearch for a while. Our ES cluster was on
AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There
were 5 instance (1 load balancer, 4 data node) and all of them were
version 0.90.
Yesterday, We have received an e-mail from AWS. They said one of our
instance in ES cluster was making DOS attacks from UDP port 80.
We did not restrict ports, because it was an test cluster. It can be
main cause of this problem, but I still want to ask if there is a known
bug (in ES or modules or plugins) that cause something like this or if
there is anyone who have seen some kind of similar problem.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.