Bugtraq mailing list archives
Re: a cheesy Apache / IIS DoS vuln (+a question)
From: Pieter de Boer <pieter () thedarkside nl>
Date: Thu, 04 Jan 2007 12:45:35 +0100
Michal Zalewski wrote:
> 2) Negotiate a high TCP window size for each of the connections (1 GB should be doable),

Just zooming in on one detail of your e-mail. While you could set your own TCP receive window to 1GB, you obviously can't set the sender's send window to 1GB if it doesn't want to.
For instance, FreeBSD by default has TCP send buffers set to 32KB. It does not (apart from recent work) do dynamic buffer sizing. 32KB is all you get. Sysadmins probably raise this value, but, especially with large amounts of connections, it can't be set too high or mbufs will run out. I'd guess people wouldn't set it to much more than 1MB or such.
Linux does do dynamic buffer sizing but also has some limits set. On a recent Ubuntu (desktop), the sysctl net.ipv4.tcp_wmem is set to '4096 16384 131072'. The last parameter is the maximum amount of buffer space reserved for sending, per TCP socket. Again, sysadmins probably raise this value in practice.
Concluding, I think your suggested attack might work, but it would need a braindead configuration on the sender's end to be really effective. It's probably easier just to send some ACKs now and then..
-- Pieter
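The sizing argument in the message above, worked through as a capacity check. This is an added example, not part of the original post: it uses a simplified model in which each stalled connection pins at most min(advertised window, send buffer maximum) bytes, and the connection limit (256) and memory budget (512 MiB) are assumed values.

```python
GIB = 1 << 30

def parse_tcp_wmem(text):
    """Parse 'min default max' (bytes), the format of sysctl net.ipv4.tcp_wmem."""
    fields = text.split()
    if len(fields) != 3:
        raise ValueError("expected three fields: min default max")
    lo, default, hi = (int(f) for f in fields)
    if not 0 < lo <= default <= hi:
        raise ValueError("expected 0 < min <= default <= max")
    return lo, default, hi

def per_conn_cap(advertised_window, send_buf_max):
    """Upper bound on bytes the sender queues for one peer: the peer's
    advertised window only counts up to the sender's own buffer limit."""
    return min(advertised_window, send_buf_max)

def audit(max_conns, budget_bytes, send_buf_max, advertised_window=GIB):
    """Worst case when every allowed connection stalls with a full send buffer."""
    per_conn = per_conn_cap(advertised_window, send_buf_max)
    total = max_conns * per_conn
    return {"per_conn": per_conn, "total": total,
            "within_budget": total <= budget_bytes}

# Value quoted in the message for a recent Ubuntu desktop.
UBUNTU_WMEM = "4096 16384 131072"

if __name__ == "__main__":
    _, _, linux_max = parse_tcp_wmem(UBUNTU_WMEM)
    cases = [("FreeBSD default (32KB)", 32 * 1024),
             ("Ubuntu tcp_wmem max", linux_max),
             ("raised to 1MB", 1 << 20),
             ("no effective cap (1GB)", GIB)]
    for label, cap in cases:
        # Assumed: 256 concurrent connections, 512 MiB budget for send buffers.
        r = audit(max_conns=256, budget_bytes=512 << 20, send_buf_max=cap)
        print(f"{label:24} per-conn={r['per_conn']:>10} "
              f"total={r['total'] >> 20:>7} MiB ok={r['within_budget']}")
```
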