David S. Miller wrote:
> From: Ben Greear <greearb@candelatech.com>
> Date: Mon, 03 Feb 2003 10:03:48 -0800
>
> Also, if it's as simple as allocating a few more buffers for tcp, maybe we
> should consider defaulting to higher in the normal kernel? (I'm not suggesting
> **my** numbers..)
>
> The current values are the only "safe" defaults. Here "safe" means
> that if you have thousands of web connections, clients cannot force
> the serve to queue large amounts of traffic per socket.
>
> The attack goes something like: Open N thousand connections to
> server, ask for large static object, do not ACK any of the data
> packets. Server must thus hold onto N thousnad * maximum socket
> write buffer bytes amount of memory.
Why would it use the maximum socket for a connection with low to
no acks, ie low to no throughput? Seems like the connection would
have to scale up to full speed/sliding-window, which would require the DoS guy
to have large receive bandwidth, and also enough precision to stop acking
as soon as the window gets big (but before the object download has
completed.) This does not seem like a great DoS to me.
On my system, the default memory seems to be about 80k (docs say it
is based on how much memory I have (128MB)). How big can N get?
If N is 10k I can be DOS'd for only 800k?
-- Ben Greear <greearb@candelatech.com> <Ben_Greear AT excite.com> President of Candela Technologies Inc http://www.candelatech.com ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Feb 07 2003 - 22:00:14 EST