| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jan 2007 19:26:07 +0100 (CET) From: Michal Zalewski <lcamtuf@...ne.ids.pl> To: bugtraq@...urityfocus.com Subject: Re: a cheesy Apache / IIS DoS vuln (+a question) On Thu, 4 Jan 2007, Michal Zalewski wrote: > On Thu, 4 Jan 2007, William A. Rowe, Jr. wrote: > > 2) Theoretical window size limits and commonly implemented settings do > have a side effect of making such attacks more feasible for > attackers with a very limited bandwidth available. There's probably > not that much difference between a 10 MB and a 1 GB window size, > anyway: the attacker can establish a dial-up connection to ISP A, > initiate a series of 5000x requests with 10 MB window size, then > reconnect to ISP B, and continue to slowly and calmly spoof ACKs > as coming from his previous IP to the attacked server (he knows > all the sequence numbers). It would take 40 bytes to generate next > 10 MB of traffic within an established connection, so it still > sounds like fun for a guy who has a 4 kB/s link. And that's why I > asked whether there was any research done on such issues. A kind reader pointed me off the list to this excellent paper that happens to explore this vector in more detail (making the "Range" behavior more of an issue for certain senders): Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse Rob Sherwood, Bobby Bhattacharjee, Ryan Braud Published in Computer and Communications Security (CCS) 2005 http://www.cs.umd.edu/~capveg/optack/optack-ccs05.pdf Cheers, /mz
Powered by blists - more mailing lists