[3546] in bugtraq
Re: Suspicion about denial of service attacks possible on IP.
daemon@ATHENA.MIT.EDU (Warner Losh)
Tue Oct 22 13:51:39 1996
Date: Tue, 22 Oct 1996 05:08:29 -0600
Reply-To: Warner Losh <imp@village.org>
From: Warner Losh <imp@village.org>
X-To: Henrik P Johnson <hpj@one.se>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Mon, 21 Oct 1996 18:22:28 +0200."
<Pine.HPP.3.95.961021181919.1137F-100000@tide.one.se>
In message <Pine.HPP.3.95.961021181919.1137F-100000@tide.one.se> Henrik P Johnson writes:
: I was idly reading through Internetworking with TCP/IP yesterday
: when it hit me what might be a possible denial of service attack on
: IP stacks. What would happen if a host was bombarded with faked
: fragments of large IP packages. Would the stack allocate more and
packet
: more memory trying to reconstruct the packages or do they operate
packet
: with a fixed/max size limit on memory allocated for IP
: defragmentation?
BSD based stacks (and likely most sane others) don't allocate buffer
space for the entire packet. They tend to use a linked list of
packets and later do a pullup if they need the data in one chunk. In
addition, many stacks operate out of a fixed/limited pool of memory so
that if you get a lot of network traffic all at once, the worst that
happens is you drop those packets you have no memory for, and
incomplete packets "quickly" timeout.
Warner
