Vulnerability Development mailing list archives
Re: Bug, probable DoS in http connection or just paranoia?
From: Mark Collins <me () THISISNURGLE ORG UK>
Date: Mon, 18 Dec 2000 16:23:38 +0100
My question is: Could this method of creating idle LAST_ACK connections be used to perform some kind of DoS attack? (what if this page had a refresh of 10 seconds?). Maybe this is normal for some web pages out there in the internet but i'm worried that the time-out to kill these connections is too big.
Why every ten seconds? If you had a frame, with one page being 1 pixel wide/high, with the other being a 'legitimate' page, such as a web directory, you could have the small fram refresh every second, without the user even noticing. Or you could have some JavaScript that would download a different image every second(I'm not sure the code to do this, but an array of valid images.files of a certain size (the array, not the files) could 'refresh' enough times to cause a similar effect. I've never noticed this sort of behaviour before, but it's real easy to write a simple HTTP server to do this (that keeps KeepAlive connection going on). In theory, you never actually need to disconnect a KeepAlive session (the client can force KeepAlive off though, but I'm yet to see a browser that let's you do this yourself.) Of course, a decent browser would use the allready open connection to download the new stuff (unless there are multiple downloads required at the same time, so a gfx intensive page might pull this off)... The Imfamous Mark 'Nurgle' Collins Lead Author - 'Linux Game Programming'
Current thread:
- Re: Bug, probable DoS in http connection or just paranoia? Mark Collins (Dec 18)
- <Possible follow-ups>
- Bug, probable DoS in http connection or just paranoia? Omar Herrera (Dec 19)