[plug] UNIX - RISKS

Paul Wilson hooker at opera.iinet.net.au
Mon Feb 22 14:08:35 WST 1999


> From: Christian <again at global.net.au>
> On Mon, 22 Feb 1999, David Buddrige wrote:
> > Furthermore those connections almost certainly have a timeout after
> > which it will be dropped - so opening a connection and not transmitting
> > any data would not work either.
> 
> I think that's part of the issue - the timeout for TCP is long enough that
> you can keep the number of processes running at a sufficiently high level
> to prevent creation of new ones.

There's a recognised DoS attack against web servers that relies on this
timeout. Make connections to the server considerably faster than the timeout
will collapse the 'unused' ones, and your machine will grind to a halt. It was
used against (IIRC) the Time-Warner site a couple of years back. In this
case, even when the server was shut down and rebooted, the problem didn't go
away because the sender just kept on opening TCP connections, ignoring
errors. The newspaper article suggested that it took in the order of ten
days before the attack collapsed.

Paul



