RE: [tcpm] TCP zero window timeout?

"Caitlin Bestler" <> Tue, 29 August 2006 19:34 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GI9MA-0005bw-5b; Tue, 29 Aug 2006 15:34:42 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GI9M9-0005br-77 for; Tue, 29 Aug 2006 15:34:41 -0400
Received: from ([]) by with esmtp (Exim 4.43) id 1GI9M7-0005m3-SB for; Tue, 29 Aug 2006 15:34:41 -0400
Received: from by with ESMTP (Broadcom SMTP Relay (Email Firewall v6.2.0)); Tue, 29 Aug 2006 12:34:21 -0700
X-Server-Uuid: F962EFE0-448C-40EE-8100-87DF498ED0EA
Received: by (Postfix, from userid 47) id A82CF2B1; Tue, 29 Aug 2006 12:34:21 -0700 (PDT)
Received: from (mail-irva-8 []) by (Postfix) with ESMTP id 823522B0; Tue, 29 Aug 2006 12:34:21 -0700 (PDT)
Received: from ( []) by (MOS 3.7.5a-GA) with ESMTP id EDY67060; Tue, 29 Aug 2006 12:34:17 -0700 (PDT)
Received: from (nt-sjca-0751 []) by (Postfix) with ESMTP id ECA3020501; Tue, 29 Aug 2006 12:34:16 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [tcpm] TCP zero window timeout?
Date: Tue, 29 Aug 2006 12:34:15 -0700
Message-ID: <>
In-Reply-To: <>
Thread-Topic: [tcpm] TCP zero window timeout?
Thread-Index: AcbLnJuykJjkq5SsRoqQquxx/IorVAABNvzg
From: "Caitlin Bestler" <>
To: "MURALI BASHYAM" <>, "Ted Faber" <faber@ISI.EDU>
X-TMWD-Spam-Summary: SEV=1.1; DFV=A2006082907; IFV=2.0.6,4.0-7; RPD=4.00.0004; RPDID=303030312E30413031303230312E34344634393538302E303033362D412D; ENG=IBF; TS=20060829193426; CAT=NONE; CON=NONE;
X-MMS-Spam-Filter-ID: A2006082907_4.00.0004_2.0.6,4.0-7
X-WSS-ID: 68EA49373CC3019331-01-01
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
Cc: "Mahdavi, Jamshid" <>,, "Anantha Ramaiah \(ananth\)" <>, Fernando Gont <>
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

> --- Caitlin Bestler <> wrote:
>>> I think the crux of the issue here is that this is left to
>>> the client side application control which means open game for
>>> hackers. 
>>> Murali
>> I think it is a given that a server application can terminate the
>> connection to any client if the behaviour of that client means that
>> the server no longer wishes to maintain the connection.
> The application is not aware of the client's behaviour here
> and as far as he is concerned the data is out of his control.
>> I am not aware of any RFC that would impair the ability of the server
>> application to interact with the local TCP stack to achieve these
>> results.
> Are u suggesting that the application query TCP to determine
> that the connection is stuck in persist state and how much of
> the data has been sent or not and so on? That sounds a little
> roundabout and complicated...

And/or the application convey an application specific tolerance
for such a state through a local interface.

If the behavior can be corrected through a local interface,
and there is no IETF language barring or discouraging such
an interface, then why is this something that TCPM should

At first glance, John Hefner's post would seem to show that
the required information is already available.

The nature of the Denial of Service attack presented does
not seem to require real-time defenses and definitely does
not present a strong case for any network element modifying
their "fast path" handling of packets.

tcpm mailing list