bigbluebutton / bigbluebutton

Complete open source web conferencing system.
https://bigbluebutton.org
GNU Lesser General Public License v3.0

Deskshare servlet can allow too many connections and cause red5 to get into a loop #2180

Closed bigbluebutton-issue-import closed 7 years ago

bigbluebutton-issue-import commented 9 years ago

Originally reported on Google Code with ID 1427

If a system is attacked by a program that connects to the deskshare port 9123 until the open-file limit is exceeded, and then an attempt is made to connect to port 5080 (the Red5 Tomcat port), Red5 will get into a loop and fill the hard drive.

For now, I recommend that a parameter be created that specifies the maximum number of connections to the deskshare port, with a default value of something like 50.

Also, to avoid a denial-of-service attack, there should be a time limit on initial activity on the connection.

Otherwise, an attacker could open the connection and send nothing, thereby using up all the connection resources and denying others the chance to connect.

Reported by ritzalam on 2013-02-28 03:49:27

bigbluebutton-issue-import commented 9 years ago

Reported by ffdixon on 2013-03-01 12:59:02

bigbluebutton-issue-import commented 9 years ago
Add a handshake between applet and server. If the handshake doesn't occur within a period of time, close the connection.

Reported by ritzalam on 2013-04-18 18:31:16
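The two mitigations proposed in this thread, a cap on concurrent deskshare connections (first comment) and a handshake that must complete within a fixed time or the connection is closed (comment above), as an added, self-contained Go example. This is not BigBlueButton code: the deskshare server was a Red5/Java component, and the `Config` field names, the `DESKSHARE HELLO` line, the `OK` reply and the loopback listener are all assumptions made for the illustration. `Demo` replays the attack from the report: it fills every slot with clients that send nothing, shows the next connection being dropped at once, then shows the handshake timeout reaping the silent clients so that a well-behaved client can still get in.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"sync/atomic"
	"time"
)

// Config holds the two knobs the report asks for; the field names are assumptions.
type Config struct {
	MaxConnections   int32         // cap on concurrent deskshare connections (report suggests ~50)
	HandshakeTimeout time.Duration // the applet must finish the handshake within this window
}

// helloLine stands in for the applet/server handshake proposed in the thread (the real protocol is not on this page).
const helloLine = "DESKSHARE HELLO\n"

// Server enforces the connection cap and the handshake deadline.
type Server struct {
	cfg    Config
	active int32 // connections currently holding a slot (atomic)
}

// Serve runs the accept loop until the listener is closed.
func (s *Server) Serve(ln net.Listener) {
	for {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		// Reserve a slot first; over the cap, give it back and drop the socket at once.
		if atomic.AddInt32(&s.active, 1) > s.cfg.MaxConnections {
			atomic.AddInt32(&s.active, -1)
			conn.Close()
			continue
		}
		go s.handle(conn)
	}
}

func (s *Server) handle(conn net.Conn) {
	defer conn.Close()
	defer atomic.AddInt32(&s.active, -1) // LIFO: slot is freed before the peer sees the close
	// One deadline covers the whole handshake, so a silent (or trickling) client is dropped.
	conn.SetReadDeadline(time.Now().Add(s.cfg.HandshakeTimeout))
	if line, err := bufio.NewReader(conn).ReadString('\n'); err != nil || line != helloLine {
		return // timed out or wrong protocol
	}
	conn.SetReadDeadline(time.Time{}) // handshake done; deskshare traffic would follow
	conn.Write([]byte("OK\n"))
}

// closedByPeer blocks until the server closes conn (true) or wait elapses (false).
func closedByPeer(conn net.Conn, wait time.Duration) bool {
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err := conn.Read(make([]byte, 1))
	return err == io.EOF
}

// Demo replays the report's attack on a local listener: fill every slot with silent
// clients, try one more, then check the timeout reaps them and a real client gets in.
func Demo(cfg Config) (overCapRefused, idleReaped bool, reply string, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, false, "", err
	}
	defer ln.Close()
	go (&Server{cfg: cfg}).Serve(ln)
	addr := ln.Addr().String()
	var conns []net.Conn // conns[0..cap-1] send nothing; conns[cap] is the extra client
	for i := int32(0); i <= cfg.MaxConnections; i++ {
		c, dialErr := net.Dial("tcp", addr)
		if dialErr != nil {
			return false, false, "", dialErr
		}
		defer c.Close()
		conns = append(conns, c)
	}
	// Dials complete in order, so the extra client is accepted once the cap is full and closed at once.
	overCapRefused = closedByPeer(conns[cfg.MaxConnections], 2*time.Second)
	idleReaped = true
	for _, c := range conns[:cfg.MaxConnections] {
		idleReaped = closedByPeer(c, cfg.HandshakeTimeout+2*time.Second) && idleReaped
	}
	good, err := net.Dial("tcp", addr) // well-behaved client: slots are free again
	if err != nil {
		return overCapRefused, idleReaped, "", err
	}
	defer good.Close()
	good.SetDeadline(time.Now().Add(2 * time.Second))
	good.Write([]byte(helloLine))
	reply, err = bufio.NewReader(good).ReadString('\n')
	return overCapRefused, idleReaped, reply, err
}

func main() { fmt.Println(Demo(Config{MaxConnections: 3, HandshakeTimeout: 500 * time.Millisecond})) }
```

The slot is reserved before the handler goroutine is started and released in a defer, so the cap also bounds goroutines and read buffers, not only sockets. The read deadline is set once for the whole handshake rather than per byte, which is what stops the "connect and send nothing" (or send one byte at a time) case from holding a slot indefinitely.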

bigbluebutton-issue-import commented 9 years ago

Reported by ffdixon on 2013-06-15 22:26:21

ffdixon commented 7 years ago

Merged into https://github.com/bigbluebutton/bigbluebutton/issues/3520