Date: Thu, 4 Jan 2007 19:26:07 +0100 (CET)
From: Michal Zalewski <>
Subject: Re: a cheesy Apache / IIS DoS vuln (+a question)

On Thu, 4 Jan 2007, Michal Zalewski wrote:

> On Thu, 4 Jan 2007, William A. Rowe, Jr. wrote:
>   2) Theoretical window size limits and commonly implemented settings do
>      have a side effect of making such attacks more feasible for
>      attackers with a very limited bandwidth available. There's probably
>      not that much difference between a 10 MB and a 1 GB window size,
>      anyway: the attacker can establish a dial-up connection to ISP A,
>      initiate a series of 5000x requests with 10 MB window size, then
>      reconnect to ISP B, and continue to slowly and calmly spoof ACKs
>      as coming from his previous IP to the attacked server (he knows
>      all the sequence numbers). It would take 40 bytes to generate next
>      10 MB of traffic within an established connection, so it still
>      sounds like fun for a guy who has a 4 kB/s link. And that's why I
>      asked whether there was any research done on such issues.

A kind reader pointed me off the list to this excellent paper that happens
to explore this vector in more detail (making the "Range" behavior more of
an issue for certain senders):

  Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse
  Rob Sherwood, Bobby Bhattacharjee, Ryan Braud
  Published in Computer and Communications Security (CCS) 2005

