BugTraq
a cheesy Apache / IIS DoS vuln (+a question) Jan 03 2007 11:27PM
Michal Zalewski (lcamtuf dione ids pl) (4 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 08:45AM
bugtraq (bugtraq securityfocus lists bitrouters com) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 09 2007 06:15AM
William A. Rowe, Jr. (wrowe rowe-clan net) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 10 2007 10:04AM
bugtraq (bugtraq securityfocus lists bitrouters com)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 12:36PM
Siim Põder (windo p6drad-teel net)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 11:45AM
Pieter de Boer (pieter thedarkside nl) (1 replies)
Michal Zalewski wrote:
> 2) Negotiate a high TCP window size for each of the connections (1 GB
> should be doable),
>
Just zooming in on one detail of your e-mail. While you could set your
own TCP receive window to 1GB, you obviously can't set the sender's send
window to 1GB if it doesn't want to.

For instance, FreeBSD by default has TCP send buffers set to 32KB. It
does not (apart from recent work) do dynamic buffer sizing. 32KB is all
you get. Sysadmins probably raise this value, but, especially with large
amounts of connections, it can't be set too high or mbufs will run out.
I'd guess people wouldn't set it to much more than 1MB or such.

Linux does do dynamic buffer sizing but also has some limits set. On a
recent Ubuntu (desktop), the sysctl net.ipv4.tcp_wmem is set to '4096
16384 131072'. The last parameter is the maximum amount of buffer space
reserved for sending, per TCP socket. Again, sysadmins probably raise
this value in practice.

Concluding, I think your suggested attack might work, but it would need
a braindead configuration on the sender's end to be really effective.
It's probably easier just to send some ACKs now and then..

--
Pieter

[ reply ]
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 06:47PM
Rob Sherwood (capveg cs umd edu)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 05:35AM
William A. Rowe, Jr. (wrowe rowe-clan net) (2 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 07:11AM
Gadi Evron (ge linuxbox org)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 08:18AM
Michal Zalewski (lcamtuf dione ids pl)


 

Privacy Statement
Copyright 2010, SecurityFocus