Re: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)
MURALI BASHYAM <murali_bashyam@yahoo.com> Wed, 14 February 2007 08:14 UTC
To: Fernando Gont <fernando@gont.com.ar>, Mahesh Jethanandani <mahesh@cisco.com>
Cc: tcpm@ietf.org
Good point. This particular behaviour can be detected quite easily when compared to a well-behaved receiver. A well-behaved TCP receiver will do receive-side silly window avoidance, and would only advertise a window increase when at least an MSS worth of buffer space is available (typically).

Murali

--- Fernando Gont <fernando@gont.com.ar> wrote:

> At 03:24 p.m. 13/02/2007, you wrote:
>
> Comments inline....
>
> >A new I-D has been posted on the IETF web site.
> >
> >http://www.ietf.org/internet-drafts/draft-mahesh-persist-timeout-00.txt
> >"TCP Maintenance and Minor Extensions", Mahesh Jethanandani, Murali
> >Bashyam, 9-Feb-07, <draft-mahesh-persist-timeout-00.txt> Comments are
> >welcome.
>
> What if I advertise a window of 1, instead?
>
> Or, what if I advertise a window of zero, then before you abort the
> connection I advertise a window of a few bytes, and then I go back to
> advertising a window of zero (and so on)?
>
> I think it is interesting to find a workaround for this type of
> resource exhaustion attack (as well as for Netkill, etc.).
>
> However, I think the heuristics will need to be more complex. If not,
> it will be easy (and cheap) for the attacker to fool the proposed
> counter-measures. (the examples above are some possible ways to do so).
>
> Kindest regards,
>
> --
> Fernando Gont
> e-mail: fernando@gont.com.ar || fgont@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
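The comparison against a well-behaved receiver that the reply above describes can be sketched as a check on how far the right window edge (ACK number plus advertised window) moves between ACKs. This is an added example, not code from the draft or from either poster; the function names, the `min_hits` threshold and the traces are constructed for illustration, and advertised windows are assumed to be already scaled to bytes.

```python
SEQ_MOD = 1 << 32  # TCP sequence space wraps at 2**32


def edge_advance(prev_edge, edge):
    """Signed movement of the right window edge, modulo the sequence space."""
    delta = (edge - prev_edge) % SEQ_MOD
    return delta - SEQ_MOD if delta >= SEQ_MOD // 2 else delta


def sws_violations(acks, mss):
    """Indexes of ACKs whose right edge (ack + win) advances by 1..mss-1 bytes.

    A receiver doing silly window avoidance holds the edge fixed until it can
    open by a full MSS, so small positive advances are the anomaly. Assumption:
    the threshold is exactly one MSS, as in the message; RFC 1122 also allows
    half the receive buffer, so peers with tiny buffers can trip this check.
    """
    hits, prev_edge = [], None
    for i, (ack, win) in enumerate(acks):
        edge = (ack + win) % SEQ_MOD
        if prev_edge is not None and 0 < edge_advance(prev_edge, edge) < mss:
            hits.append(i)
        prev_edge = edge
    return hits


def looks_like_window_games(acks, mss, min_hits=3):
    """Hypothetical policy: flag a peer after min_hits sub-MSS openings."""
    return len(sws_violations(acks, mss)) >= min_hits


MSS = 1460
# Constructed traces of (ack number, advertised window) as seen by the sender.
WELL_BEHAVED = [(1000, 8760), (2460, 7300), (3920, 5840), (5380, 4380),
                (6840, 2920), (8300, 1460), (9760, 0), (9760, 2920),
                (11220, 1460)]
TINY_WINDOW = [(1000, 1), (1001, 1), (1002, 1), (1003, 1)]
ZERO_FLAP = [(1000, 0), (1000, 5), (1005, 0), (1005, 0), (1005, 5),
             (1010, 0), (1010, 5)]

if __name__ == "__main__":
    for name, trace in [("well-behaved", WELL_BEHAVED),
                        ("window of 1", TINY_WINDOW),
                        ("zero/few bytes/zero", ZERO_FLAP)]:
        print(name, sws_violations(trace, MSS),
              looks_like_window_games(trace, MSS))
```

Both patterns raised in the quoted message show up as repeated sub-MSS edge advances, while the normal trace, including its zero-window period, produces none.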