Re: [tcpm] Is this a problem?
MURALI BASHYAM <murali_bashyam@yahoo.com> Tue, 30 October 2007 06:11 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ImkK7-0000uS-O1; Tue, 30 Oct 2007 02:11:35 -0400
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1ImkK6-0000uL-ST for tcpm-confirm+ok@megatron.ietf.org; Tue, 30 Oct 2007 02:11:34 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ImkK6-0000uB-GX for tcpm@ietf.org; Tue, 30 Oct 2007 02:11:34 -0400
Received: from web31709.mail.mud.yahoo.com ([68.142.201.189]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1ImkK5-0005c6-Rw for tcpm@ietf.org; Tue, 30 Oct 2007 02:11:34 -0400
Received: (qmail 14528 invoked by uid 60001); 30 Oct 2007 05:44:52 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:MIME-Version:Content-Type:Message-ID; b=FPa7Di87kFk8mlLnpvxPpjiCaen7ViRHRnz0w188NaUmwg0nQpaEwpiT8+K7IgGT247JrcOPbB8E/nF+Ew7eWbqcPtgeMY8PLmRnr5DuEE81Ic5mb82yycQ/MjjMpc/lGJc5KOjg/4e6eni0jw34e7d1p9z3n3a3K/SW5reErI4=;
X-YMail-OSG: NevsUwwVM1nPEPZ7r1TXa4ZrohtM7swvG5lSQITHBoCqJQ1ui_9DqjbEhXLWB_g7Dg--
Received: from [67.161.9.166] by web31709.mail.mud.yahoo.com via HTTP; Mon, 29 Oct 2007 22:44:52 PDT
X-Mailer: YahooMailRC/814.05 YahooMailWebService/0.7.152
Date: Mon, 29 Oct 2007 22:44:52 -0700
From: MURALI BASHYAM <murali_bashyam@yahoo.com>
Subject: Re: [tcpm] Is this a problem?
To: Joe Touch <touch@ISI.EDU>, Mahesh Jethanandani <mahesh@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-ID: <322287.14097.qm@web31709.mail.mud.yahoo.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 057ebe9b96adec30a7efb2aeda4c26a4
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
----- Original Message ---- From: Joe Touch <touch@ISI.EDU> To: Mahesh Jethanandani <mahesh@cisco.com> Cc: tcpm@ietf.org Sent: Monday, October 29, 2007 3:42:41 PM Subject: Re: [tcpm] Is this a problem? Mahesh Jethanandani wrote: > Folks, > > We have documented a case of HTTP servers that are prone to resource > starvation with the use of a small user level program. The program does > not require any special privileges or changes in the kernel. The user > level program on the client opens a connection to a HTTP server, sends a > GET request for a large file (larger than the advertised window of the > client) but never reads the response. > > Three well-known, public sites were tested for this vulnerability. > The two most common HTTP servers, Apache and IIS were the target. > While one site had put mitigation technique in place, the others had > none. With the latter two we were able to hold connections in > ESTABLISHED state for days. The former site had a mitigation in place > with a fixed timeout of 11 min., which was easy to guess and work > around. > > We (the authors) believe that this is a huge problem. What do you > folks feel? I agree with Caitlin and your previous responses; this is an application problem. So we are placing the responsibility for protecting system-wide TCP resources such as buffers and connections on all the TCP based applications out there? Which "application" are you referring to here? BGP? NFS ? CIFS? HTTP? SMTP? FTP? The entire application community? Potentially several or all of these apps are vulnerable. How do we bring all these protocols into a single agreeable framework and accomplish the right thing? > Previous responses to this documentation has been that it is a > application problem. It is clear from our experimentation that most HTTP > servers (and FTP too) have not implemented any mitigation techniques. We > believe that this problem exists across the whole range of TCP based > applications prevalent on the internet, although our experiments were > limited to the web application. Where applications have tried to put > mitigation techniques in place, workaround has been easy. This is mainly > because applications do not have the same amount of visibility as TCP > does on the state of the connection. Applications know when a connection hasn't closed. They also know when a write would block due to insufficient socket resources. Either or both of these provide sufficient visibility to avoid the problem entirely. Applications cannot discriminate between a connection that's stalled due to network congestion and a connection that's being stalled by a malicious receiver who has closed his receive window forever. And for how long the connection has been in in this stalled state etc. And what about multi-application servers? Surely each application here is running as an independent process and indvidually they don't have the system wide awareness that TCP has... As you note, applications can solve this easily. Since it's their obligation to do so, and it's easy for them to do so, there's no reason to complicate the transport layer with this responsibility. Applications can implement a fixed or even an adaptive timeout, but unless they can make the above distinction i am pointing out, they will be knocking out legitimate (albeit slow) connections, i.e there will be a fairness issue. Applications do not have visibility into TCP connection sender's state to solve the fairness issue. A solution which penalizes legitimate connections is clearly a broken one. Furthermore, does the propose solution solve the DOS problem? Aren't there other ways to keep a source stalled? (i.e., what about continued SACKs? or repeated ACKs indicating a lost segment? at the very least, we could ACK a byte at a time, sending 3-4 duplicate ACKs for each byte, which would keep the sender from opening its window and stall things a lot...). How do you propose to carry out these attacks without changing the client side TCP stack in the windows or linux kernel? The vulnerability which we have demonstrated and addressed requires a simple user level program which anyone with a little, basic programming background can write today. Clearly the bar to creating these attacks you are pointing out is higher. Joe __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] Is this a problem? Mahesh Jethanandani
- RE: [tcpm] Is this a problem? Caitlin Bestler
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Florian Weimer
- Re: [tcpm] Is this a problem? John Heffner
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? speakeasy
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Lloyd Wood
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: [tcpm] Is this a problem? Ted Faber
- RE: [tcpm] Is this a problem? Caitlin Bestler
- Re: [tcpm] Is this a problem? John Heffner
- Re: [tcpm] Is this a problem? Mark Allman
- Re: [tcpm] Is this a problem? Mark Allman
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Mark Allman
- Re: [tcpm] Is this a problem? MURALI BASHYAM
- Re: [tcpm] Is this a problem? Mark Allman
- Re: [tcpm] Is this a problem? Lloyd Wood
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Mark Allman
- Re: [tcpm] Is this a problem? Chandrashekhar Appanna
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Chandrashekhar Appanna
- Re: [tcpm] Is this a problem? Mark Allman
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: [tcpm] Is this a problem? Lloyd Wood
- Re: [tcpm] Is this a problem? Lloyd Wood
- Re: [tcpm] Is this a problem? Joe Touch
- Re: [tcpm] Is this a problem? Lloyd Wood
- Re: [tcpm] Is this a problem? Jakob Heitz
- Re: [tcpm] Is this a problem? Ethan Blanton
- Re: [tcpm] Is this a problem? Chandrashekhar Appanna
- Re: [tcpm] Is this a problem? Ted Faber
- Re: [tcpm] Is this a problem? Ted Faber
- Summary of responses so far and proposal moving f… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… John Heffner
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Ted Faber
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Ted Faber
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Joe Touch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Tom Petch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Mark Allman
- Re: Summary of responses so far and proposal movi… Mark Allman
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Mark Allman
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Mark Allman
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Mark Allman
- Re: Summary of responses so far and proposal movi… John Heffner
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Lloyd Wood
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… Lloyd Wood
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: Summary of responses so far and proposal movi… David Borman
- Re: Summary of responses so far and proposal movi… weddy
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Ethan Blanton
- Re: Summary of responses so far and proposal movi… Ethan Blanton
- Re: Summary of responses so far and proposal movi… David Borman
- Re: Summary of responses so far and proposal movi… Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Joe Touch
- Re: [tcpm] Is this a problem? Mahesh Jethanandani
- Re: Summary of responses so far and proposal movi… Erik Nordmark