Bugtraq mailing list archives
Re: Small TCP packets == very large overhead == DoS?
From: "Crist Clark" <crist.clark () globalstar com>
Date: Tue, 17 Jul 2001 17:20:36 -0700
Guess we were all having too much fun at Black Hat/DEFCON.

-------- Original Message --------
Subject: Re: Small TCP packets == very large overhead == DoS?
Date: Sun, 15 Jul 2001 20:29:41 -0600
From: aleph1 () securityfocus com
To: Crist Clark <crist.clark () globalstar com>
References: <200107092228.IAA26460 () caligula anu edu au> <3B4AFF8D.5D6A0A89 () depaul edu> <3B4B3F9F.47ABD9C6 () globalstar com>

It appears this message fell through the cracks. Please, feel free to
post it again.

* Crist Clark (crist.clark () globalstar com) [010710 11:47]:
> John Kristoff wrote:
> > Darren Reed wrote:
> > > Silly window sizes aren't so bad. If you have a window size of one
> > > then you only ever have one outstanding piece of data sent at a
> > > time. So if I have 16k of data, it might take 32k or more packets,
> > > but I can only send one packet at a time.
> >
> > With a window size of 1, a misbehaving receiver might be able to
> > anticipate packets injected into the network by the sender. The
> > receiver could aggressively generate ACKs before data is actually
> > received (bypassing typical delayed ACK mechanisms). This may be more
> > of a problem for the sender if the rate of 1-byte ACKs is high. If
> > the connection and receiver's address could be spoofed, bursts of
> > 1-byte segments from the sender can be sent to an innocent victim as
> > part of a tinygram DoS attack.
>
> OK, now we are getting away from MSS issues and moving completely into
> "Daytona" TCP attacks. Daytona attacks are independent of any real or
> imagined MSS issues, but it is possible that toying with the MSS could
> amplify the effects of a Daytona attack.
>
> http://www.cs.washington.edu/homes/savage/papers/CCR99.pdf
> --
> Crist J. Clark
> Network Security Engineer
> crist.clark () globalstar com
> Globalstar, L.P.
> (408) 933-4387
> FAX: (408) 933-4926
>
> The information contained in this e-mail message is confidential,
> intended only for the use of the individual or entity named above. If
> the reader of this e-mail is not the intended recipient, or the
> employee or agent responsible to deliver it to the intended recipient,
> you are hereby notified that any review, dissemination, distribution
> or copying of this communication is strictly prohibited. If you have
> received this e-mail in error, please contact
> postmaster () globalstar com

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
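The thread describes a receiver that ACKs data before it has actually arrived. As an added example (not code from any poster in this thread), here is a sender-side check over a constructed trace that flags ACKs for bytes not yet sent and ACKs that return faster than the path's minimum RTT. The function name, the trace values, and the `min_rtt` threshold are assumptions for illustration, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass

@dataclass
class Sent:
    t: float      # time the segment left the sender (seconds)
    seq: int      # sequence number of its first byte
    length: int   # payload bytes

def flag_suspect_acks(sent, acks, min_rtt):
    """Return (ack_time, ack_no, reason) for ACKs an honest receiver could not send.

    sent    -- list of Sent records, in any order
    acks    -- list of (ack_time, ack_no) seen by the sender
    min_rtt -- lowest round-trip time plausible on this path (an assumption)
    """
    findings = []
    for t_ack, ack_no in acks:
        in_flight = [s for s in sent if s.t <= t_ack]
        snd_nxt = max((s.seq + s.length for s in in_flight), default=None)
        # The ACK covers bytes the sender had not transmitted yet.
        if snd_nxt is None or ack_no > snd_nxt:
            findings.append((t_ack, ack_no, "acks-unsent-data"))
            continue
        covered = [s for s in in_flight if s.seq + s.length <= ack_no]
        if not covered:
            continue
        newest = max(covered, key=lambda s: s.t)
        # The newest acknowledged segment cannot have completed a round trip.
        if t_ack - newest.t < min_rtt:
            findings.append((t_ack, ack_no, "faster-than-min-rtt"))
    return findings

# Constructed trace: 1-byte segments with one segment outstanding at a time.
SENT = [Sent(0.000, 1000, 1), Sent(0.050, 1001, 1), Sent(0.052, 1002, 1)]
ACKS = [
    (0.050, 1001),  # honest: a full 50 ms round trip
    (0.052, 1002),  # 2 ms after the segment was sent
    (0.053, 1004),  # byte 1003 has not been sent
]

if __name__ == "__main__":
    for finding in flag_suspect_acks(SENT, ACKS, min_rtt=0.040):
        print(finding)
```
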