BugTraq
a cheesy Apache / IIS DoS vuln (+a question) Jan 03 2007 11:27PM
Michal Zalewski (lcamtuf dione ids pl) (4 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 08:45AM
bugtraq (bugtraq securityfocus lists bitrouters com) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 09 2007 06:15AM
William A. Rowe, Jr. (wrowe rowe-clan net) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 10 2007 10:04AM
bugtraq (bugtraq securityfocus lists bitrouters com)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 12:36PM
Siim Põder (windo p6drad-teel net)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 11:45AM
Pieter de Boer (pieter thedarkside nl) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 06:47PM
Rob Sherwood (capveg cs umd edu)
On Thu, Jan 04, 2007 at 12:45:35PM +0100, Pieter de Boer wrote:
> Michal Zalewski wrote:
> > 2) Negotiate a high TCP window size for each of the connections (1 GB
> > should be doable),
> >
> For instance, FreeBSD by default has TCP send buffers set to 32KB. It
> does not (apart from recent work) do dynamic buffer sizing. 32KB is all
> you get. Sysadmins probably raise this value, but, especially with large
> amounts of connections, it can't be set too high or mbufs will run out.
> I'd guess people wouldn't set it to much more than 1MB or such.

Correct. rfc2414 says the initial sender window should be:

min (4*MSS, max (2*MSS, 4380 bytes))

So you can't just connect, request, and drop the connection to get a GB
of traffic. The attacker must send acks periodically.

> Concluding, I think your suggested attack might work, but it would need
> a braindead configuration on the sender's end to be really effective.
> It's probably easier just to send some ACKs now and then..

This is exactly the attack described in CERT Advisory [VU#102014]
(http://www.kb.cert.org/vuls/id/102014)

and:

Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse
Rob Sherwood, Bobby Bhattacharjee, Ryan Braud
Published in Computer and Communications Security (CCS) 2005
(http://www.cs.umd.edu/~capveg/optack/optack-ccs05.pdf)

- Rob Sherwood
.

[ reply ]
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 05:35AM
William A. Rowe, Jr. (wrowe rowe-clan net) (2 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 07:11AM
Gadi Evron (ge linuxbox org)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 08:18AM
Michal Zalewski (lcamtuf dione ids pl)


 

Privacy Statement
Copyright 2010, SecurityFocus