Bugtraq mailing list archives
Re: Suspicion about denial of service attacks possible on IP.
From: imp () village org (Warner Losh)
Date: Tue, 22 Oct 1996 05:08:29 -0600
In message <Pine.HPP.3.95.961021181919.1137F-100000 () tide one se> Henrik P Johnson writes: : I was idly reading through Internetworking with TCP/IP yesterday : when it hit me what might be a possible denial of service attack on : IP stacks. What would happen if a host was bombarded with faked : fragments of large IP packages. Would the stack allocate more and packet : more memory trying to reconstruct the packages or do they operate packet : with a fixed/max size limit on memory allocated for IP : defragmentation? BSD based stacks (and likely most sane others) don't allocate buffer space for the entire packet. They tend to use a linked list of packets and later do a pullup if they need the data in one chunk. In addition, many stacks operate out of a fixed/limited pool of memory so that if you get a lot of network traffic all at once, the worst that happens is you drop those packets you have no memory for, and incomplete packets "quickly" timeout. Warner
Current thread:
- Suspicion about denial of service attacks possible on IP. Henrik P Johnson (Oct 21)
- Re: Suspicion about denial of service attacks possible on IP. Warner Losh (Oct 22)
- Re: Suspicion about denial of service attacks possible on IP. Jon Lewis (Oct 22)
- Re: Suspicion denied Nathan Lawson (Oct 22)
- Re: Suspicion about denial of service attacks possible on IP. Darren Reed (Oct 22)
- <Possible follow-ups>
- Re: Suspicion about denial of service attacks possible on IP. J.R.Valverde (Oct 22)
- Re: Suspicion about denial of service attacks possible on IP. Keith Bostic (Oct 22)