TCP receive window set to 0; DoS or not?

Jim Shankland nanog at
Sat Sep 9 00:55:59 UTC 2006

Travis Hassloch <travis.hassloch at> writes:
> The part where it becomes a DoS is when they tie up all the listeners
> on a socket (e.g. apache), and nothing happens for several minutes until
> their connections time out.  Whether intentional or not, it does have
> a negative effect.

Ah, that makes sense.  I was assuming a deliberate attack, which is
not actually implicit in the term "DoS".  A deliberate denial of
service is not made easier by shrinking the window.  But an implementation
that advertises a 0 window in lieu of sending FIN or RST can certainly
deny service inadvertently by tying up resources that should have been

Jim Shankland

More information about the NANOG mailing list