Re: [tcpm] TCP zero window timeout?

Joe Touch <touch@ISI.EDU> Sat, 26 August 2006 02:49 UTC

Message-ID: <44EFB668.70904@isi.edu>
Date: Fri, 25 Aug 2006 19:48:08 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: Mahesh Jethanandani <mahesh@cisco.com>
Subject: Re: [tcpm] TCP zero window timeout?
References: <D87D0DFD1BEB364D8E528F28527DD6130240571D@bcs-mail2.internal.cacheflow.com> <7.0.1.0.0.20060722170818.05a59eb8@gont.com.ar> <44EF8F0D.7030803@cisco.com>
In-Reply-To: <44EF8F0D.7030803@cisco.com>
Cc: "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>, tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>, Fernando Gont <fernando@gont.com.ar>

Wouldn't this just result in the DoS attacker ACKing one byte at a time
to prolong the connection needlessly?

I.e., what's the point of putting this behavior inside TCP, vs. having
the server give up on a connection after what it considers a reasonable
time?

Joe

Mahesh Jethanandani wrote:
> Jamshid,
> 
> Looking at draft-ietf-tcpm-tcp-uto it appears that the draft is
> specifically looking at the question of disconnection in the network. It
> also applies to retransmission timer.
> 
> The situation I was referring to is a little different and applies to
> the persist timer. In our situation the client stops reading data. These
> clients are machines out in the Internet and as such the server has no
> control over their behavior. So while there is unacknowledged data, it
> is not that the client is not ACKing any data. It is responding to the
> probe, but it continuously advertises a window of zero.  There is
> currently, to my knowledge, no timeout for this state for the server. This
> can manifest itself as a DoS situation if there are several such
> connections where the server is forced to hold data.
> 
> We are suggesting a solution that allows the server to get out of this
> situation by applying an upper bound on the duration of the persist
> state. Note, it is not the default behavior for TCP. The default
> behavior is still the same. The user/administrator has to explicitly
> turn it on for the server to close the connection and free the resources
> in case it is believed that it is under attack.
> 
> Fernando Gont wrote:
>> At 13:24 21/07/2006, Mahdavi, Jamshid wrote:
>>
>>> What is the status of draft-eggert-tcpm-tcp-abort-timeout-option-01?  It
>>> may be of some use in situations like this.  I've recently seen another
>>> scenario where this would be useful, so I'd be interested in seeing that
>>> draft reposted...
>>
>> It was merged with draft-gont-tcpm-tcp-auto-option into
>> draft-ietf-tcpm-tcp-uto.
>>
>> The latest revision is draft-ietf-tcpm-tcp-uto-03.txt, available at
>> the usual places (e.g.,
>> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-uto-03.txt).
>>
>> Feedback is more than welcome. ;-)
>>
>> Kindest regards,
>>
>> -- 
>> Fernando Gont
>> e-mail: fernando@gont.com.ar || fgont@acm.org
>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>>

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm
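The two receiver behaviours argued about in this message, Mahesh's client that answers every persist probe with a zero window and Joe's attacker that ACKs one byte at a time, side by side with the two server-side policies (a bound on persist-state duration vs. the server judging overall progress), as an added simulation. This is not code from the thread, from draft-ietf-tcpm-tcp-uto or from any TCP stack; time is modelled in discrete ticks, and the receiver models, the constants PERSIST_MAX, GRACE and MIN_RATE, and the policy names are assumptions chosen to make the behaviours visible.

```python
"""Sender-side simulation of the zero-window / persist-state DoS discussed above.

Added example; not code from the tcpm thread, the tcp-uto draft or any TCP
stack.  Time is discrete ("ticks"); receiver models and timer values are
assumptions for illustration only.
"""
from dataclasses import dataclass
from typing import Callable, Optional

PERSIST_MAX = 10   # assumed: ticks in persist state before the persist-bound policy gives up
GRACE = 20         # assumed: ticks before the rate policy starts judging the connection
MIN_RATE = 10.0    # assumed: bytes per tick the server considers "reasonable" progress


@dataclass
class Sender:
    queued: int                          # bytes the application handed to TCP, not yet sent
    peer_window: int = 0                 # last window the receiver advertised
    persist_since: Optional[int] = None  # tick at which the sender entered persist state
    sent_total: int = 0                  # bytes the receiver has acknowledged


# Receiver models: given the tick, return the window to advertise in the ACK.
def zero_window_receiver(tick: int) -> int:
    """Answers every persist probe with a valid ACK and win=0, forever."""
    return 0


def one_byte_receiver(tick: int) -> int:
    """Opens the window one byte, ACKs it, shrinks back to zero; the sender
    therefore leaves and re-enters persist state every other tick."""
    return 1 if tick % 2 == 0 else 0


def normal_receiver(tick: int) -> int:
    """A receiver whose application is actually reading."""
    return 100


# Server-side policies: return a reason to abort the connection, or None.
def persist_bound(s: Sender, tick: int) -> Optional[str]:
    """The proposal in the thread: cap how long one stay in persist state may last."""
    if s.persist_since is not None and tick - s.persist_since >= PERSIST_MAX:
        return "persist timeout"
    return None


def rate_bound(s: Sender, tick: int) -> Optional[str]:
    """Joe's alternative: the server judges overall progress, not TCP state."""
    if tick >= GRACE and s.sent_total / tick < MIN_RATE:
        return "insufficient progress"
    return None


def run(receiver: Callable[[int], int],
        policy: Callable[[Sender, int], Optional[str]],
        queued: int = 1000, max_ticks: int = 200):
    """Drive one connection; return (outcome, tick, bytes_delivered)."""
    s = Sender(queued=queued)
    for tick in range(1, max_ticks + 1):
        # Send whatever the advertised window allows; the model assumes the
        # receiver ACKs it within the same tick.
        n = min(s.peer_window, s.queued)
        if n:
            s.queued -= n
            s.sent_total += n
        if s.queued == 0:
            return "done", tick, s.sent_total
        # The ACK (or the reply to a persist probe) carries the next window.
        s.peer_window = receiver(tick)
        if s.peer_window == 0:
            if s.persist_since is None:
                s.persist_since = tick   # zero window: enter persist state, start probing
        else:
            s.persist_since = None       # window opened: persist state ends
        reason = policy(s, tick)
        if reason:
            return reason, tick, s.sent_total
    return "still open", max_ticks, s.sent_total


if __name__ == "__main__":
    receivers = [("zero-window", zero_window_receiver),
                 ("one-byte", one_byte_receiver),
                 ("normal", normal_receiver)]
    policies = [("persist_bound", persist_bound), ("rate_bound", rate_bound)]
    for rname, r in receivers:
        for pname, p in policies:
            print(f"{rname:12} {pname:14} -> {run(r, p)}")
```

The persist-bound policy does close the permanently zero-window client, but the one-byte ACKer keeps the connection open for the full run while delivering under one byte per tick, because each opened byte ends the persist state and restarts the clock. A policy that measures progress from the server's own point of view closes both, and leaves a receiver that is actually reading untouched.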