Results 1 to 7 of 7

Thread: Architect originating a DoS behavion on local intranet

  1. #1
    Sencha User c54283's Avatar
    Join Date
    Oct 2018
    Location
    Portugal
    Posts
    5

    Default Answered: Architect originating a DoS behavion on local intranet

    Hello ,

    A apparent DoS behavion on my local intranet seems to happen when i open up Sencha Achitect 4.2.2 (before I even open any project from the welcome to sencha architect dialog box).
    My user get locked when initial dialog box opens.
    I suspect proxy setting are some how provoking many failed requests trying to reach sencha.

    I try change disabling system.java.net.useSystemProxies and setting system.http.proxy* at Sencha\Architect\Cmd\6.5.1.240\sencha.cfg with no success. No other sencha.cfg has proxy settings.

    Using "netstat -a -o | find 8080" i can see SenchaArchitect still connecting for a proxy... is it possible (without local SO admin permissions) to disable Sencha Architect from trying to connect to network?



    Best regards,
    JP

  2. Quote Originally Posted by c54283 View Post
    and one of my colleagues does not have the problem (and two of us have exactly same problem, difference I have found was first was the support team credentials and we used our expiring credentials that we must change when prompted for license, tried reinstalling, but no credentials for license were promoted any more), so I deducted that system proxy should not make a difference. Does architect stores credentials on setup and uses them when connecting to the internet (sending stats)? Company security team does not provide me with details of the DoS attack, but my user only gets deactivated when I open sencha architect, so I am guessing some cycle of trying invalid credentials at a high rate that might compromise some company authentication system.
    There are several things leaving me stumped.

    How many have the issue in your company? How many users of Architect in your company?

    When you uninstalled did you remove the folder under your user account and other hidden files Windows tends to retain?

    I realize you could have limited ability to remove, but I would think you can get into your user profile directories where you can remove the Sencha Architect files. If they were gone you should be prompted to re-enter your credentials.

  3. #2
    Sencha - Forum Administrator
    Join Date
    Sep 2017
    Posts
    1,006
    Answers
    5

    Default

    Thank you so much for your post. I apologize for the delay. I have shared this with the support staff and someone will get back to provide assistance as soon as possible. Your patience is greatly appreciated!

    Kind Regards,

    Michele


  4. #3
    Sencha User c54283's Avatar
    Join Date
    Oct 2018
    Location
    Portugal
    Posts
    5

    Default

    Thanks for the reply, still waiting on help. I tried unsellecting send anonymous stats... but still waiting to have account unlocked to test it.
    "Use The Source Luke"

  5. #4
    Sencha MVP Team Member
    Join Date
    Sep 2016
    Location
    Kennewick, WA
    Posts
    150
    Answers
    15

    Default

    Please provide some details on your configuration, Windows? Mac? Proxy settings? Screenshot of DoS details you are referring to?

    Based on the above information and my experience I would conclude this is not an Architect issue.
    Andy Allord
    Sencha MVP/Software Engineer

  6. #5
    Sencha User c54283's Avatar
    Join Date
    Oct 2018
    Location
    Portugal
    Posts
    5

    Default

    Windows. Do you mean system/Internet explorer proxy settings? They are fixed by company police for all, and one of my colleagues does not have the problem (and two of us have exactly same problem, difference I have found was first was the support team credentials and we used our expiring credentials that we must change when prompted for license, tried reinstalling, but no credentials for license were promoted any more), so I deducted that system proxy should not make a difference. Does architect stores credentials on setup and uses them when connecting to the internet (sending stats)? Company security team does not provide me with details of the DoS attack, but my user only gets deactivated when I open sencha architect, so I am guessing some cycle of trying invalid credentials at a high rate that might compromise some company authentication system.
    "Use The Source Luke"

  7. #6
    Sencha MVP Team Member
    Join Date
    Sep 2016
    Location
    Kennewick, WA
    Posts
    150
    Answers
    15

    Default

    Quote Originally Posted by c54283 View Post
    and one of my colleagues does not have the problem (and two of us have exactly same problem, difference I have found was first was the support team credentials and we used our expiring credentials that we must change when prompted for license, tried reinstalling, but no credentials for license were promoted any more), so I deducted that system proxy should not make a difference. Does architect stores credentials on setup and uses them when connecting to the internet (sending stats)? Company security team does not provide me with details of the DoS attack, but my user only gets deactivated when I open sencha architect, so I am guessing some cycle of trying invalid credentials at a high rate that might compromise some company authentication system.
    There are several things leaving me stumped.

    How many have the issue in your company? How many users of Architect in your company?

    When you uninstalled did you remove the folder under your user account and other hidden files Windows tends to retain?

    I realize you could have limited ability to remove, but I would think you can get into your user profile directories where you can remove the Sencha Architect files. If they were gone you should be prompted to re-enter your credentials.
    Andy Allord
    Sencha MVP/Software Engineer

  8. #7
    Sencha User c54283's Avatar
    Join Date
    Oct 2018
    Location
    Portugal
    Posts
    5

    Default

    Hello, good morning.

    I am a subcontracted individual resource, I have no ideia about how may users the (client) company, but in our team we are 3 user with Architect and two with the issue. Yesterdey, had an apparent break throu unselecting anounimous stats seems to have changed the DoS behaivour, but still to early to tell, since initial we had like months without problem, and it showed up out off no were (my working theory is that must started when we changed our individual password because it had expired).

    No, did not removed the folder under your user account or other hidden files. If the send stats does not workarround the issue, i will try to request new uninstall and remove all sencha files i can find (and delete)...

    Have a nice day.
    And to all reading this, please be happy. If not for other reason, try be happy just because i asked you to
    "Use The Source Luke"

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •