Design Issue: Unknown Frame Type MUST IGNORE rule and Denial of Service Attacks

James M Snell <> Fri, 26 April 2013 17:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5366521F99D7 for <>; Fri, 26 Apr 2013 10:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.186
X-Spam-Status: No, score=-10.186 tagged_above=-999 required=5 tests=[AWL=0.413, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id l1N1AOC2CjG7 for <>; Fri, 26 Apr 2013 10:56:07 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B0E7721F99D1 for <>; Fri, 26 Apr 2013 10:55:57 -0700 (PDT)
Received: from lists by with local (Exim 4.72) (envelope-from <>) id 1UVmrk-0001IA-MG for; Fri, 26 Apr 2013 17:55:24 +0000
Resent-Date: Fri, 26 Apr 2013 17:55:24 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UVmrf-0001Fn-VT for; Fri, 26 Apr 2013 17:55:20 +0000
Received: from ([]) by with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <>) id 1UVmrf-0002AF-1e for; Fri, 26 Apr 2013 17:55:19 +0000
Received: by with SMTP id h1so4286547oag.31 for <>; Fri, 26 Apr 2013 10:54:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=x-received:mime-version:from:date:message-id:subject:to :content-type; bh=yzwwKON3jJEa4E7kEBoLlwQFgW+LGHwSSMKNMEpEFys=; b=BMhDfhrqDg8SjmaDCGJGKPpQ07VWiDhAEd8iaWw+0sYaxRHV9fqMuD03cevs6lOpWw N3jm/2o4/pOnjsGYMMZ/Ys0YX3XSebwpRkCScON+CsyqAH4cYekbmfCfTSNBo2XirfEd 7GhIeNN0y5xABq80TVW9ZLaFoS4mQrf/zcnxgCStVGbykcOgjQlcPjQJdr33GnPQmljH DQ5z8wjn/DH+4T+2Ti/BD99OdrmvFd46y2eY/NtcYS3iJnxUwvx3OB/4lI1TlzlZM5Rv m5VdHMgZEfTwJ3KDQOmVVgmIGxetnqZuP1JZhFaPQb/jQGAD8x2kf/W5ibtrxzbTLuvk UJ1g==
X-Received: by with SMTP id n10mr23889051oew.63.1366998893147; Fri, 26 Apr 2013 10:54:53 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 26 Apr 2013 10:54:33 -0700 (PDT)
From: James M Snell <>
Date: Fri, 26 Apr 2013 10:54:33 -0700
Message-ID: <>
To: "" <>
Content-Type: text/plain; charset=UTF-8
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-2.646, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1UVmrf-0002AF-1e 680dbce5ef77c681332f34107b916ba7
Subject: Design Issue: Unknown Frame Type MUST IGNORE rule and Denial of Service Attacks
Archived-At: <>
X-Mailing-List: <> archive/latest/17610
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

In the current draft (-02), we say that Unknown and unrecognized Frame
types MUST be ignored by an endpoint. While this is ok in theory, this
can be very dangerous in practice. Specifically, an attacking sender
could choose to flood a recipient with a high number of junk frames
that use a previously unused type code. Because of the MUST IGNORE
rule, these would simply be discarded by the recipient but the damage
will already have been done. Flow control actions could help mitigate
the problem, but those are only partially effective.

Also, the order of processing here for error handling is not clear.

Let's say an attacker sends a HEADERS frame to the server initiating a
stream. The server sends an RST_STREAM REFUSED_STREAM fully closing
the stream. The attacker continues to send JUNK frames for the same
stream ID. There are two conditions happening here:

1. The sender is sending frames for a closed stream, which ought to
result in an RST_STREAM, but..

2. The frame type is unknown and unrecognized by the server so MUST be ignored.

Which condition takes precedence and how do we mitigate the possible
attack vector on this one.

- James