Re: Small TCP packets == very large overhead == DoS?

From: gregory duchemin (c3rb3rat_private)
Date: Mon Jul 09 2001 - 18:17:29 PDT

Next message: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"

Previous message: Walter Reed: "Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)"
Maybe in reply to: Darren Reed: "Small TCP packets == very large overhead == DoS?"
Next in thread: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hello,


know if the TCP silly window syndrome might be used too ?
Uploading/downloading files byte per byte to/from a remote ftp server with a
stupid window size of one byte may generate a very high overhead.

My tanenbaum book say that Clark solution consists in avoiding sender
(attacker) from sending window size notification till his buffer is
egal to the initial mss value *OR* half empty.
so using a buffer size of one byte may theoricaly result in a notification
storm and a great bandwidth waste due to a large amount of headers.
Defining a buffer size of one byte is made possible by using specific socket
options (SO_SNDBUF/SO_RCVBUF/SO_SNDLOWAT/SO_RCVLOWAT) with setsockopt()

did someone here already try it ?

cheers,


Gregory




_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Next message: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"
Previous message: Walter Reed: "Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)"
Maybe in reply to: Darren Reed: "Small TCP packets == very large overhead == DoS?"
Next in thread: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 23:19:19 PDT