Bugtraq mailing list archives
Re: Small TCP packets == very large overhead == DoS?
From: Eric Vyncke <evyncke () cisco com>
Date: Mon, 09 Jul 2001 17:20:50 +0200
Darren, Interesting email...If the attack is done through bad client specifying a ultra small MSS, at least, the server should be able to track them. As doing IP spoofing with TCP is difficult if the ISN are random enough.
If the attack is done through generated ICMP unreachable cannot fragment (mimicking the PMTUD process), well, the attacker needs to be on the path to be able to include the failed IP packet (mainly for TCP ports). And if the attacker is on the path, I'm pretty sure that he/she could do more damage anyway.
Having said this, I'll go to my web servers and check what their smallest MSS is ;-)
Just my still falling (!) 0.01 EUR -eric
Current thread:
- Small TCP packets == very large overhead == DoS? Darren Reed (Jul 07)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 09)
- RE: Small TCP packets == very large overhead == DoS? David LeBlanc (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? Pavel Machek (Jul 15)
- Re: Small TCP packets == very large overhead == DoS? Crist Clark (Jul 19)
- <Possible follow-ups>
- Re: Small TCP packets == very large overhead == DoS? Eric Vyncke (Jul 09)
- RE: Small TCP packets == very large overhead == DoS? Russ (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 10)
- RE: Small TCP packets == very large overhead == DoS? David LeBlanc (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? gregory duchemin (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? John Kristoff (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Brett Lymn (Jul 10)
- RE: Small TCP packets == very large overhead == DoS? Franck Martin (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Crist Clark (Jul 18)