Bugtraq mailing list archives

Re: Suspicion about denial of service attacks possible on IP.


From: imp () village org (Warner Losh)
Date: Tue, 22 Oct 1996 05:08:29 -0600


In message <Pine.HPP.3.95.961021181919.1137F-100000 () tide one se> Henrik P Johnson writes:
: I was idly reading through Internetworking with TCP/IP yesterday
: when it hit me what might be a possible denial of service attack on
: IP stacks. What would happen if a host was bombarded with faked
: fragments of large IP packages. Would the stack allocate more and
                        packet
: more memory trying to reconstruct the packages or do they operate
                                        packet
: with a fixed/max size limit on memory allocated for IP
: defragmentation?

BSD-based stacks (and likely most sane others) don't allocate buffer
space for the entire packet.  They tend to use a linked list of
packets and later do a pullup if they need the data in one chunk.  In
addition, many stacks operate out of a fixed/limited pool of memory so
that if you get a lot of network traffic all at once, the worst that
happens is you drop those packets you have no memory for, and
incomplete packets "quickly" time out.

Warner
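
The bounded behaviour described in the reply above, as an added example that is not part of the original message and is not BSD's code: a simplified model of a reassembly queue that draws fragment records from a fixed pool, drops new fragments when the pool is empty, and frees incomplete datagrams after a timeout. The names `frag_add` and `frag_expire` and the limits `POOL_SIZE` and `REASM_TTL` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define POOL_SIZE 8   /* constructed limit: fragments held at any one time */
#define REASM_TTL 30  /* constructed limit: seconds an incomplete datagram may wait */

struct frag {
    uint16_t id, off, len;  /* datagram id, fragment offset, payload length */
    unsigned born;          /* arrival time of the datagram's first fragment */
    struct frag *next;
};
static struct frag pool[POOL_SIZE], *free_list, *pending;

/* Put every record on the free list; no memory is allocated after this. */
void frag_init(void) {
    free_list = pending = NULL;
    for (int i = 0; i < POOL_SIZE; i++) {
        pool[i].next = free_list;
        free_list = &pool[i];
    }
}

/* Queue one fragment. Returns 1 if stored, 0 if dropped. */
int frag_add(uint16_t id, uint16_t off, uint16_t len, unsigned now) {
    struct frag *f = free_list;
    if (f == NULL) return 0;  /* pool exhausted: drop, never grow */
    free_list = f->next;
    f->id = id; f->off = off; f->len = len; f->born = now;
    for (struct frag *p = pending; p != NULL; p = p->next)
        if (p->id == id) { f->born = p->born; break; }  /* share the datagram's timer */
    f->next = pending;        /* linked list of fragments, no contiguous buffer */
    pending = f;
    return 1;
}

/* Free fragments of datagrams older than REASM_TTL. Returns how many were freed. */
int frag_expire(unsigned now) {
    int freed = 0;
    struct frag **pp = &pending;
    while (*pp != NULL) {
        struct frag *f = *pp;
        if (now - f->born < REASM_TTL) { pp = &f->next; continue; }
        *pp = f->next;        /* unlink and return the record to the pool */
        f->next = free_list;
        free_list = f;
        freed++;
    }
    return freed;
}
```

A flood of fragments for datagrams that never complete can hold at most `POOL_SIZE` records, and those records return to the pool once `REASM_TTL` has passed.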


