Bugtraq mailing list archives
Re: a cheesy Apache / IIS DoS vuln (+a question)
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Thu, 4 Jan 2007 19:26:07 +0100 (CET)
On Thu, 4 Jan 2007, Michal Zalewski wrote:
On Thu, 4 Jan 2007, William A. Rowe, Jr. wrote:

2) Theoretical window size limits and commonly implemented settings do have a side effect of making such attacks more feasible for attackers with a very limited bandwidth available. There's probably not that much difference between a 10 MB and a 1 GB window size, anyway: the attacker can establish a dial-up connection to ISP A, initiate a series of 5000x requests with 10 MB window size, then reconnect to ISP B, and continue to slowly and calmly spoof ACKs as coming from his previous IP to the attacked server (he knows all the sequence numbers). It would take 40 bytes to generate next 10 MB of traffic within an established connection, so it still sounds like fun for a guy who has a 4 kB/s link. And that's why I asked whether there was any research done on such issues.
A kind reader pointed me off the list to this excellent paper that happens to explore this vector in more detail (making the "Range" behavior more of an issue for certain senders):

Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse
Rob Sherwood, Bobby Bhattacharjee, Ryan Braud
Published in Computer and Communications Security (CCS) 2005
http://www.cs.umd.edu/~capveg/optack/optack-ccs05.pdf

Cheers,
/mz