nanog mailing list archives
Re: TCP receive window set to 0; DoS or not?
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Fri, 8 Sep 2006 02:47:09 -0400
On Thu, Sep 07, 2006 at 11:28:47PM -0700, Jim Shankland wrote:
Richard A Steenbergen <ras () e-gerbil net> writes:Advertising a window of 0 is a perfectly valid way of telling the other side that you are temporarily out of resoruces, and would like them to stop sending you data....Except that that's not what's going on here. This message appears when the TCP peer shrinks the window, withdrawing a previously granted permission to send bytes -- a protocol violation. For example, you're free to tell me (with your window advertisement) that you're authorizing me to send you 32K bytes, and then, after I've sent you 32K bytes, to close the window until you're ready to accept more. You're not free to tell me it's OK to send 32K bytes, then change your mind and advertise a window size of 0 after I've sent you only 16K bytes.
Ok, looking at the error condition in further detail I do believe that
you're righ. So, per RFC1122:
4.2.2.16 Managing the Window: RFC-793 Section 3.7, page 41
A TCP receiver SHOULD NOT shrink the window, i.e., move the
right window edge to the left. However, a sending TCP MUST
be robust against window shrinking, which may cause the
"useable window" (see Section 4.2.3.4) to become negative.
It is a warning message generated by a "SHOULD NOT" violation, during the
"MUST be robust against this behavior" section of code.
Looking at other such messages in the Linux kernel which are wrapped in
#ifdef TCP_DEBUG, they all appear to be equally esoteric and probably not
worth mentioning to the end user. However it looks like TCP_DEBUG is
enabled by default (don't ask me why), which when combined with a
relatively inane message using "alarm provoking" words, serves only to
confuse. :)
To address the "DoS" question, I don't see how this protocol violation enables a DoS attack. More likely, it's simply somebody's buggy TCP stack misbehaving. That "somebody" is unlikely to be Windows, MacOS, FreeBSD, or Linux. My money is on some flavor of $50 NAT/"home router" box.
Did a little poking into this condition on other platforms as well, and as previously mentioned it does appear to be fairly contained to "mobile devices" (not sure which ones though). I guess if you have a small portable device with limited memory, this may be an issue. -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Current thread:
- TCP receive window set to 0; DoS or not? Travis Hassloch (Sep 07)
- Re: TCP receive window set to 0; DoS or not? billn (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Richard A Steenbergen (Sep 07)
- Re: TCP receive window set to 0; DoS or not? billn (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Steven M. Bellovin (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Jim Shankland (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Richard A Steenbergen (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Travis Hassloch (Sep 08)
- Re: TCP receive window set to 0; DoS or not? Jim Shankland (Sep 08)
- Re: TCP receive window set to 0; DoS or not? Richard A Steenbergen (Sep 07)
- Re: TCP receive window set to 0; DoS or not? billn (Sep 07)
- <Possible follow-ups>
- Re: TCP receive window set to 0; DoS or not? billn (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Christopher L. Morrow (Sep 07)
- Re: TCP receive window set to 0; DoS or not? David E. Smith (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Robert E . Seastrom (Sep 08)
- Re: TCP receive window set to 0; DoS or not? Christopher L. Morrow (Sep 07)
- Re: TCP receive window set to 0; DoS or not? Fernando Gont (Sep 26)