[92179] in North American Network Operators' Group


Re: TCP receive window set to 0; DoS or not?

daemon@ATHENA.MIT.EDU (Travis Hassloch)
Fri Sep 8 17:35:42 2006

Date: Fri, 08 Sep 2006 16:33:03 -0500
From: Travis Hassloch <travis.hassloch@rackspace.com>
To: Jim Shankland <nanog@shankland.org>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, billn@billn.net,
	nanog@merit.edu
In-Reply-To: <200609080628.k886Slaa018305@etoile.shankland.org>
Errors-To: owner-nanog@merit.edu


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim Shankland wrote:
> To address the "DoS" question, I don't see how this protocol violation
> enables a DoS attack.  More likely, it's simply somebody's buggy
> TCP stack misbehaving.  That "somebody" is unlikely to be Windows, MacOS,
> FreeBSD, or Linux.  My money is on some flavor of $50 NAT/"home router"
> box.

The part where it becomes a DoS is when they tie up all the listeners
on a socket (e.g. apache), and nothing happens for several minutes until
their connections time out.  Whether intentional or not, it does have
a negative effect.

It's insidious in that it leaves no traces in the application logs;
in particular, apache never logs anything because they never
complete a transaction (it logs when they finish).
- --
The whole point of the Internet is that different kinds of computers
can interoperate.  Every time you see a web site that only supports
certain browsers or operating systems, they clearly don't get it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFAeGPPlSPhv5tocwRAgSVAJ4qGEo/aR4CMaBcnsu+H6DyGpN7iACfcMAM
FGvZWaAY2GYVSDLf37YUwbw=
=RZ/F
-----END PGP SIGNATURE-----
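
Added example, not part of the original message: since the message notes that nothing reaches the application log, the stall has to be spotted at the transport layer. The sketch below groups established connections by peer when the server has unsent data queued and is running its persist (zero-window probe) timer. It assumes the column layout of `ss -tno` from iproute2; the sample lines, addresses, thresholds and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout printed by `ss -tno`; not captured traffic.
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 14480 192.0.2.10:80 198.51.100.7:51234 timer:(persist,42sec,6)
ESTAB 0 14480 192.0.2.10:80 198.51.100.7:51235 timer:(persist,1min10sec,7)
ESTAB 0 14480 192.0.2.10:80 198.51.100.7:51236 timer:(persist,38sec,6)
ESTAB 0 0 192.0.2.10:80 203.0.113.9:40112 timer:(keepalive,119min,0)
ESTAB 0 2896 192.0.2.10:80 203.0.113.20:55001 timer:(on,240ms,0)
ESTAB 0 5792 192.0.2.10:80 [2001:db8::5]:49152 timer:(persist,9sec,2)
"""

# timer:(<name>,<time left>,<retry counter>)
TIMER = re.compile(r"timer:\((\w+),[^,]*,(\d+)\)")


def stalled_peers(ss_output, local_port=80, min_conns=3, min_probes=5):
    """Return {peer_ip: n} for peers holding at least min_conns connections
    to local_port that are stuck behind a closed receive window."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header line or a non-established socket
        send_q, local, peer = int(fields[2]), fields[3], fields[4]
        timer = TIMER.search(line)
        if timer is None or local.rsplit(":", 1)[1] != str(local_port):
            continue
        name, probes = timer.group(1), int(timer.group(2))
        # Data waiting to go out plus a running persist timer means the peer
        # is advertising a window too small to send into. A high counter
        # separates a long stall from a briefly slow reader.
        if name == "persist" and send_q > 0 and probes >= min_probes:
            counts[peer.rsplit(":", 1)[0].strip("[]")] += 1
    return {ip: n for ip, n in counts.items() if n >= min_conns}


if __name__ == "__main__":
    for ip, n in stalled_peers(SAMPLE).items():
        print(f"{ip}: {n} connections stalled on a zero window")
```

Comparing the per-peer count with the server's worker limit shows how close one peer is to occupying every listener.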
