Re: Small TCP packets == very large overhead == DoS?

From: John Kristoff (jtkat_private)
Date: Tue Jul 10 2001 - 06:13:49 PDT

Next message: Pavel Kankovsky: "Re: Messenger/Hotmail passwords at risk"

Previous message: David LeBlanc: "RE: Small TCP packets == very large overhead == DoS?"
In reply to: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"
Next in thread: Brett Lymn: "Re: Small TCP packets == very large overhead == DoS?"
Next in thread: Franck Martin: "RE: Small TCP packets == very large overhead == DoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Darren Reed wrote:
> Silly window sizes aren't so bad.  If you have a window size of one then
> you only ever have one outstanding piece of data sent at a time.  So if
> I have 16k of data, it might take 32k or more packets, but I can only send
> one packet at a time.

With a window size of 1, a misbehaving receiver might be able to
anticipate packets injected into the network by the sender.  The
receiver could aggressively generate ACKs before data is actually
received (bypassing typical delayed ACK mechanisms).  This may be more
of a problem for the sender if the rate of 1-byte ACKs is high.  If the
connection and receiver's address could be spoofed, bursts of 1-byte
segments from the sender can be sent to an innocent victim as part of a
tinygram DoS attack.

John

Next message: Pavel Kankovsky: "Re: Messenger/Hotmail passwords at risk"
Previous message: David LeBlanc: "RE: Small TCP packets == very large overhead == DoS?"
In reply to: Darren Reed: "Re: Small TCP packets == very large overhead == DoS?"
Next in thread: Brett Lymn: "Re: Small TCP packets == very large overhead == DoS?"
Next in thread: Franck Martin: "RE: Small TCP packets == very large overhead == DoS?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 07:06:58 PDT