Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: TCP receive window set to 0; DoS or not?

  • From: Jim Shankland
  • Date: Fri Sep 08 02:32:46 2006

Richard A Steenbergen <> writes:
> Advertising a window of 0 is a perfectly valid way of telling the other
> side that you are temporarily out of resoruces, and would like them to
> stop sending you data....

Except that that's not what's going on here.  This message appears
when the TCP peer shrinks the window, withdrawing a previously granted
permission to send bytes -- a protocol violation.  For example, you're
free to tell me (with your window advertisement) that you're
authorizing me to send you 32K bytes, and then, after I've sent you
32K bytes, to close the window until you're ready to accept more.
You're not free to tell me it's OK to send 32K bytes, then change your
mind and advertise a window size of 0 after I've sent you only 16K

To address the "DoS" question, I don't see how this protocol violation
enables a DoS attack.  More likely, it's simply somebody's buggy
TCP stack misbehaving.  That "somebody" is unlikely to be Windows, MacOS,
FreeBSD, or Linux.  My money is on some flavor of $50 NAT/"home router"

Jim Shankland

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.