TCP receive window set to 0; DoS or not?
Jim Shankland
nanog at shankland.org
Sat Sep 9 00:55:59 UTC 2006

Travis Hassloch <travis.hassloch at rackspace.com> writes:
> The part where it becomes a DoS is when they tie up all the listeners
> on a socket (e.g. apache), and nothing happens for several minutes until
> their connections time out. Whether intentional or not, it does have
> a negative effect.

Ah, that makes sense. I was assuming a deliberate attack, which is
not actually implicit in the term "DoS". A deliberate denial of
service is not made easier by shrinking the window. But an implementation
that advertises a 0 window in lieu of sending FIN or RST can certainly
deny service inadvertently by tying up resources that should have been
freed.

Jim Shankland
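
[Added example, not part of the original post or of any server's own code: a server-side send with an overall deadline, so that a peer whose advertised window has closed to 0 cannot hold a worker for minutes. The loopback peer that never reads, the helper names and the buffer sizes are constructed for the demonstration.]

```python
import socket
import time

def send_with_deadline(conn, payload, deadline_s):
    """Send payload, abandoning the peer once deadline_s has elapsed in total.
    Returns (bytes_sent, completed)."""
    end = time.monotonic() + deadline_s
    view = memoryview(payload)
    sent = 0
    while sent < len(view):
        remaining = end - time.monotonic()
        if remaining <= 0:
            return sent, False
        conn.settimeout(remaining)      # bound the wait for window space
        try:
            sent += conn.send(view[sent:])
        except socket.timeout:          # peer accepted nothing more in time
            return sent, False
    return sent, True

def demo(deadline_s=1.0, payload_size=32 * 1024 * 1024):
    """Constructed scenario: the peer connects and then never reads."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    peer = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Small receive buffer: it fills quickly and the advertised window drops to 0.
    peer.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 4096)
    peer.connect(listener.getsockname())
    conn, _ = listener.accept()
    try:
        start = time.monotonic()
        sent, completed = send_with_deadline(conn, bytes(payload_size), deadline_s)
        return sent, completed, time.monotonic() - start
    finally:
        # Closing here is what releases the worker and its socket.
        conn.close()
        peer.close()
        listener.close()

if __name__ == "__main__":
    print(demo())
```

[An overall deadline also cuts off peers that are merely slow; a per-send idle timeout is the gentler variant when slow but progressing clients must be served.]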