Vulnerability Development mailing list archives

Re: Bug, probable DoS in http connection or just paranoia?


From: Mark Collins <me () THISISNURGLE ORG UK>
Date: Mon, 18 Dec 2000 16:23:38 +0100

My question is: Could this method of creating idle LAST_ACK connections
be used to perform some kind of DoS attack?  (what if this page had a
refresh of 10 seconds?). Maybe this is normal for some web pages out
there on the Internet but I'm worried that the time-out to kill these
connections is too big.


Why every ten seconds?

If you had a frame, with one page being 1 pixel wide/high, with the other
being a 'legitimate' page, such as a web directory, you could have the small
frame refresh every second, without the user even noticing.

Or you could have some JavaScript that would download a different image
every second (I'm not sure of the code to do this, but an array of valid
images.files of a certain size (the array, not the files) could 'refresh'
enough times to cause a similar effect).

I've never noticed this sort of behaviour before, but it's real easy to
write a simple HTTP server to do this (that keeps KeepAlive connection going
on). In theory, you never actually need to disconnect a KeepAlive session
(the client can force KeepAlive off though, but I'm yet to see a browser
that lets you do this yourself.) Of course, a decent browser would use the
already open connection to download the new stuff (unless there are
multiple downloads required at the same time, so a gfx intensive page might
pull this off)...

The Imfamous Mark 'Nurgle' Collins
Lead Author - 'Linux Game Programming'
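
An added monitoring example, not part of the original post: one way a server operator could watch for the build-up of LAST_ACK connections discussed in this thread is to count them per remote address from a Linux `/proc/net/tcp` snapshot. The sample table is constructed, and the port (80), the threshold and the little-endian host byte order are assumptions.

```python
import socket
from collections import Counter

LAST_ACK = 0x09  # value of the "st" column for TCP_LAST_ACK on Linux

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100000A:0050 0500000A:C001 09 00000000:00000000 00:00000000 00000000     0        0 0
   1: 0100000A:0050 0500000A:C002 09 00000000:00000000 00:00000000 00000000     0        0 0
   2: 0100000A:0050 0500000A:C003 09 00000000:00000000 00:00000000 00000000     0        0 0
   3: 0100000A:0050 0600000A:D001 01 00000000:00000000 00:00000000 00000000    33        0 4711
   4: 0100000A:0050 0700000A:E001 09 00000000:00000000 00:00000000 00000000     0        0 0
   5: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242
"""

def decode_addr(field):
    """'0500000A:C001' -> ('10.0.0.5', 49153). Assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)

def last_ack_by_peer(proc_net_tcp, local_port=80):
    """Count sockets in LAST_ACK on local_port, grouped by remote IPv4 address."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        _, lport = decode_addr(cols[1])
        peer, _ = decode_addr(cols[2])
        if lport == local_port and int(cols[3], 16) == LAST_ACK:
            counts[peer] += 1
    return counts

def noisy_peers(counts, threshold):
    """Remote addresses holding at least `threshold` LAST_ACK sockets."""
    return sorted(peer for peer, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts = last_ack_by_peer(SAMPLE)
    for peer in noisy_peers(counts, threshold=3):
        print(f"{peer}: {counts[peer]} connections in LAST_ACK")
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp` at intervals, so that a count which keeps growing between snapshots stands out.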

