Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: TCP receive window set to 0; DoS or not?

  • From: Travis Hassloch
  • Date: Fri Sep 08 17:37:06 2006

Hash: SHA1

Jim Shankland wrote:
> To address the "DoS" question, I don't see how this protocol violation
> enables a DoS attack.  More likely, it's simply somebody's buggy
> TCP stack misbehaving.  That "somebody" is unlikely to be Windows, MacOS,
> FreeBSD, or Linux.  My money is on some flavor of $50 NAT/"home router"
> box.

The part where it becomes a DoS is when they tie up all the listeners
on a socket (e.g. apache), and nothing happens for several minutes until
their connections time out.  Whether intentional or not, it does have
a negative effect.

It's insidious in that it leaves no traces in the application logs;
in particular, apache never logs anything because they never
complete a transaction (it logs when they finish).
- --
The whole point of the Internet is that different kinds of computers
can interoperate.  Every time you see a web site that only supports
certain browsers or operating systems, they clearly don't get it.
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.