[118256] in Cypherpunks


Re: KISA Attack

daemon@ATHENA.MIT.EDU (Greg Broiles)
Thu Sep 23 00:38:44 1999

Message-Id: <4.2.0.58.19990922205727.00bc88c0@mail.wenet.net>
Date: Wed, 22 Sep 1999 21:05:44 -0700
To: Sean Roach <roach_s@mail.intplsrv.net>, cypherpunks@algebra.com
From: Greg Broiles <gbroiles@netbox.com>
In-Reply-To: <3.0.6.32.19990923074752.008226b0@mail.intplsrv.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Reply-To: Greg Broiles <gbroiles@netbox.com>

At 05:47 AM 9/23/99 , Sean Roach wrote:

>Excuse me.  This will undoubtedly show my ignorance, but.
>What would that serve?  If they are tying up your lines to prevent
>your serving others, what advantage would holding the line open for
>them serve?  Unless the bottleneck is processor time or file access
>time and not the network connection.

The underlying assumption is that the bottleneck is a single process on the 
other machine which is tasked with gathering web pages (maliciously or not) 
- that seems like a reasonable assumption, because a single-threaded 
program which visits pages serially is easier to write (and less likely to 
consume scarce local resources) than a multiple-threaded spider or attack 
tool. The latter is, of course, easily possible, but requires more effort.

I suggested the above because the behavior John described sounded like a 
normal spider, but operating without a rate limiter - the existence of 
malice on the part of the operator being unimportant from a technical 
perspective. If that single process can be held open but inactive the first 
time it makes a connection, and can be slowed down so that it completes one 
request per minute (or hour, or day) rather than one per second, the 
bandwidth (and other resources) used by the spider will be much less.

The important distinction between the "teergrube" approach and the "small 
result" approach you suggested is that the teergrube completes very slowly, 
so the cycle time for the remote machine is very slow. Small but quickly 
completed transactions allow the other machine to immediately recycle, to 
reattack your machine or someone else's. The "teergrube" tactic might make 
more sense if it was called a tar baby instead.


--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C
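
The cycle-time argument in the message above can be measured. The following is an added example, not part of the original message: it runs a serial, single-threaded client against a responder that either completes at once (the "small result" approach) or drips the same bytes slowly (the teergrube). The names `respond`, `serial_spider` and `compare`, the sample request and response, the delay value and the in-process socket pair standing in for a TCP connection are all assumptions.

```python
import asyncio
import socket
import time

# Constructed sample request/response; any small page would do.
REQUEST = b"GET / HTTP/1.0\r\n\r\n"
RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nnothing here\r\n"

async def respond(reader, writer, delay):
    """Answer one request, sending one byte every `delay` seconds.

    delay=0 is the "small result" approach; delay>0 is the teergrube.
    """
    await reader.readuntil(b"\r\n\r\n")      # consume the whole request first
    for i in range(len(RESPONSE)):
        writer.write(RESPONSE[i:i + 1])
        await writer.drain()
        if delay:
            await asyncio.sleep(delay)       # the connection stays open but idle
    writer.close()

async def serial_spider(n, delay):
    """Fetch n pages one after another; return (elapsed_seconds, bytes_received)."""
    received = 0
    start = time.monotonic()
    for _ in range(n):
        a, b = socket.socketpair()           # in-process stand-in for a TCP connection
        sr, sw = await asyncio.open_connection(sock=a)
        server = asyncio.create_task(respond(sr, sw, delay))
        r, w = await asyncio.open_connection(sock=b)
        w.write(REQUEST)
        received += len(await r.read())      # blocks until the server closes
        w.close()
        await server
    return time.monotonic() - start, received

def compare(n=3, delay=0.005):
    """Return requests/second achieved against the fast and the slow server."""
    fast, _ = asyncio.run(serial_spider(n, 0))
    slow, _ = asyncio.run(serial_spider(n, delay))
    return n / fast, n / slow

if __name__ == "__main__":
    fast_rate, slow_rate = compare()
    print(f"small result: {fast_rate:.0f} req/s, teergrube: {slow_rate:.2f} req/s")
```

The same `respond` coroutine can be passed to `asyncio.start_server` to listen on a real port; each held connection then costs the server one idle coroutine while the serial client's whole loop is stalled.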

