[92181] in North American Network Operators' Group
Re: TCP receive window set to 0; DoS or not?
daemon@ATHENA.MIT.EDU (Jim Shankland)
Fri Sep 8 20:57:08 2006
Date: Fri, 8 Sep 2006 17:55:59 -0700
From: Jim Shankland <nanog@shankland.org>
To: Travis Hassloch <travis.hassloch@rackspace.com>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, billn@billn.net,
nanog@merit.edu
In-Reply-To: <4501E18F.9040502@rackspace.com>
Errors-To: owner-nanog@merit.edu

Travis Hassloch <travis.hassloch@rackspace.com> writes:
> The part where it becomes a DoS is when they tie up all the listeners
> on a socket (e.g. apache), and nothing happens for several minutes until
> their connections time out. Whether intentional or not, it does have
> a negative effect.

Ah, that makes sense. I was assuming a deliberate attack, which is
not actually implicit in the term "DoS". A deliberate denial of
service is not made easier by shrinking the window. But an implementation
that advertises a 0 window in lieu of sending FIN or RST can certainly
deny service inadvertently by tying up resources that should have been
freed.

Jim Shankland
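
The condition discussed in this message, a peer that holds a connection at a 0 receive window instead of sending FIN or RST, expressed as a detection check over a packet trace. This is an added example, not code from the original thread; the `tcpdump -tt -n` style line format, the addresses and the 60-second threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed input format: text lines in the style of `tcpdump -tt -n` output.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\],.*?\bwin (?P<win>\d+)")

def stalled_peers(lines, server, port, now, min_stall=60.0):
    """Map client IP -> [(client port, seconds at window 0)] for connections
    to server:port that have advertised a 0 window for at least min_stall
    seconds without either side sending FIN or RST."""
    zero_since = {}  # (client ip, client port) -> time the window first hit 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        if dst == (server, port):
            key, from_client = src, True
        elif src == (server, port):
            key, from_client = dst, False
        else:
            continue
        if "F" in m["flags"] or "R" in m["flags"]:
            zero_since.pop(key, None)  # FIN or RST seen: teardown has started
        elif from_client and int(m["win"]) == 0:
            zero_since.setdefault(key, float(m["ts"]))  # keep the earliest time
        elif from_client:
            zero_since.pop(key, None)  # window reopened, the peer is reading
    report = defaultdict(list)
    for (ip, cport), since in sorted(zero_since.items()):
        if now - since >= min_stall:
            report[ip].append((cport, now - since))
    return dict(report)

# Constructed sample trace (documentation addresses), not captured traffic.
SAMPLE = """\
1157763300.000000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 1, win 0, length 0
1157763300.500000 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [.], ack 1, win 0, length 0
1157763301.000000 IP 203.0.113.9.51000 > 192.0.2.10.80: Flags [.], ack 1, win 0, length 0
1157763303.000000 IP 203.0.113.9.51000 > 192.0.2.10.80: Flags [.], ack 1, win 5840, length 0
1157763305.000000 IP 203.0.113.5.52000 > 192.0.2.10.80: Flags [.], ack 1, win 0, length 0
1157763306.000000 IP 203.0.113.5.52000 > 192.0.2.10.80: Flags [F.], seq 1, ack 1, win 0, length 0
1157763330.000000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 1, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    for ip, conns in stalled_peers(SAMPLE, "192.0.2.10", 80, now=1157763420.0).items():
        print(ip, conns)
```

Comparing the number of stalled connections per client against the size of the listener pool shows how close the server is to having every listener tied up.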