RE: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)
"Anantha Ramaiah \(ananth\)" <ananth@cisco.com> Wed, 14 February 2007 08:39 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HHFfg-0006f7-Bt; Wed, 14 Feb 2007 03:39:24 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HHFfe-0006bz-50 for tcpm@ietf.org; Wed, 14 Feb 2007 03:39:22 -0500
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HHFcR-0008K2-0d for tcpm@ietf.org; Wed, 14 Feb 2007 03:36:05 -0500
Received: from sj-dkim-6.cisco.com ([171.68.10.81]) by sj-iport-5.cisco.com with ESMTP; 14 Feb 2007 00:36:02 -0800
X-IronPort-AV: i="4.14,168,1170662400"; d="scan'208"; a="388941333:sNHT50682768"
Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-6.cisco.com (8.12.11/8.12.11) with ESMTP id l1E8a2VW022646; Wed, 14 Feb 2007 00:36:02 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id l1E8a2nF017727; Wed, 14 Feb 2007 00:36:02 -0800 (PST)
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 14 Feb 2007 00:36:01 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)
Date: Wed, 14 Feb 2007 00:35:59 -0800
Message-ID: <0C53DCFB700D144284A584F54711EC5802DE662B@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <864148.91659.qm@web31708.mail.mud.yahoo.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)
thread-index: AcdQEDHPwT2+UHqxSCONUwpnoe6QIQAAhtJg
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: MURALI BASHYAM <murali_bashyam@yahoo.com>, Fernando Gont <fernando@gont.com.ar>, "Mahesh Jethanandani (mahesh)" <mahesh@cisco.com>
X-OriginalArrivalTime: 14 Feb 2007 08:36:01.0990 (UTC) FILETIME=[28A5BE60:01C75013]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2885; t=1171442162; x=1172306162; c=relaxed/simple; s=sjdkim6002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20\(ananth\)=22=20<ananth@cisco.com> |Subject:=20RE=3A=20[tcpm]=20New=20I-D=20(draft-mahesh-persist-timeout-00 .txt) |Sender:=20; bh=7XV89WwsTX/Ozez47pj8jVu8Q88I6YU2alX3hfiX9IY=; b=T/riDaC6gjuNAEsW+bmPh99qV8xtUXDszyd/9Kc1THAkGDJlKdE+SzISq8LpHl1iiazKAkxX tYUdnrj9x6U6yo/6CWsdRR4Z/5ch6ZmQ4sbWyHZbadK3/Hm2oSMaoYr8;
Authentication-Results: sj-dkim-6; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim6002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f66b12316365a3fe519e75911daf28a8
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Yep, on a related note, some TCP stacks shrink windows, window shrinking is used as a convenience tool in some cases :-) We probably need to deal with such cases as well, since the robustness principle allows it. -Anantha > -----Original Message----- > From: MURALI BASHYAM [mailto:murali_bashyam@yahoo.com] > Sent: Wednesday, February 14, 2007 12:14 AM > To: Fernando Gont; Mahesh Jethanandani (mahesh) > Cc: tcpm@ietf.org > Subject: Re: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt) > > Good point. > > This particular behaviour can be detected quite easily when > compared to a well-behaved receiver. A well-behaved TCP > receiver will do receive side silly window avoidance, and > would only advertise a window increase when at least a MSS > worth of buffer space is available (typically). > > Murali > > --- Fernando Gont <fernando@gont.com.ar> wrote: > > > At 03:24 p.m. 13/02/2007, you wrote: > > > > Comments inline.... > > > > > > >A new I-D has been posted on the IETF web site. > > > > > > ><http://www.ietf.org/internet-drafts/draft-mahesh-persist-tim > eout-00.tx > >t>http://www.ietf.org/internet-drafts/draft-mahesh-persist-ti > meout-00.t > >xt > > >"TCP Maintenance and Minor Extensions", Mahesh > > Jethanandani, Murali > > >Bashyam, 9-Feb-07, > > <draft-mahesh-persist-timeout-00.txt> Comments are welcome. > > > > What if I advertise a window of 1, instead? > > > > Or, what if I advertise a window of zero, then before you abort the > > connection I advertise a window of a few bytes, and then I > go back to > > advertising a window of zero (and so on)? > > > > I think it is interesting to find a workaround for this type of > > resource exhaustion attack (as well as for Netkill, etc.). > > > > However, I think the heuristics will need to be more > complex. If not, > > it will be easy (and cheap) for the attacker to fool the proposed > > counter-measures. (the examples above are some possible ways to do > > so). > > > > Kindest regards, > > > > -- > > Fernando Gont > > e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 > > 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > > > > > > > > > > > _______________________________________________ > > tcpm mailing list > > tcpm@ietf.org > > https://www1.ietf.org/mailman/listinfo/tcpm > > > > > > > ______________________________________________________________ > ______________________ > 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! > Search movie showtime shortcut. > http://tools.search.yahoo.com/shortcuts/#news > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www1.ietf.org/mailman/listinfo/tcpm > _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] New I-D Mark Allman
- Re: [tcpm] New I-D MURALI BASHYAM
- [tcpm] New I-D Mahesh Jethanandani
- Re: [tcpm] New I-D Wesley Eddy
- Re: [tcpm] New I-D David Malone
- Re: [tcpm] New I-D MURALI BASHYAM
- Re: [tcpm] New I-D (draft-mahesh-persist-timeout-… Fernando Gont
- Re: [tcpm] New I-D (draft-mahesh-persist-timeout-… MURALI BASHYAM
- RE: [tcpm] New I-D (draft-mahesh-persist-timeout-… Anantha Ramaiah (ananth)
- RE: [tcpm] New I-D (draft-mahesh-persist-timeout-… Fernando Gont
- Re: [tcpm] New I-D Mark Allman
- Re: [tcpm] New I-D MURALI BASHYAM
- Re: [tcpm] New I-D Fernando Gont
- Re: [tcpm] New I-D Mark Allman
- Re: [tcpm] New I-D MURALI BASHYAM
- RE: [tcpm] New I-D Caitlin Bestler
- Re: [tcpm] New I-D John Heffner
- Re: [tcpm] New I-D Mahesh Jethanandani
- Re: [tcpm] New I-D John Heffner
- Re: [tcpm] New I-D Mahesh Jethanandani
- [tcpm] New I-D Mahesh Jethanandani