This isn't really new as others have said. Maybe someone publicly released a tool to do this finally.

But basically, how this works:

You have a malicious client figure out a transaction(s) that are easy for the client to request, but difficult for the server to fulfill (ideally).

The client initiates the TCP connection.

Three way handshake happens.

Client sends in the whole request.

Client immediately sends in a TCP window update with a very small or zero window size.

The server processes the entire request and goes to send it.

The server's TCP stack says "Oops, I need to send to that client but he has a small or zero window size. I can only send packets of X size, or I can't send at all. This data is going to sit in my TCP Send Buffer until I can send it".

Two things happen here: 1, the TCP send buffer is full (taking up memory), and 2, if the amount of data needed to be sent > TCP send buffer size, you now have a server thread blocked trying to send the data.

The client delays for some amount of time and then sends another TCP window update "Hey, I can take X bytes of data now".

The server sends X bytes of data.

The client can now play a game of sending random small window sizes and/or zero windows to essentially slow the connection to a crawl and consume resources on the server side.

Edit: Formatting
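The failure mode described above (a server thread parked in a blocking send() while the peer advertises a tiny or zero window) is the thing a server owner can actually fix. Below is an added example, not from the comment or from any tool it mentions, of a server-side progress watchdog: the response is written on a non-blocking socket, throughput is measured over a grace interval, and the connection is dropped when the client keeps it below a floor. The policy values (MIN_BYTES_PER_SEC, GRACE_SEC), the 64 KB buffer sizes and the 2 MB payload are assumptions chosen so the loopback demo fills the kernel buffers quickly; the demo's "client that never reads" is just a socket that is held open, which is enough to make its receive window close.

```python
import select
import socket
import threading
import time

# Assumed policy values (not from the thread): a peer whose reads keep our
# delivered throughput below MIN_BYTES_PER_SEC for a whole GRACE_SEC interval
# is treated as stalled and its response is abandoned.
MIN_BYTES_PER_SEC = 16 * 1024
GRACE_SEC = 0.2


def send_with_progress_watchdog(conn, payload, min_rate=MIN_BYTES_PER_SEC,
                                grace=GRACE_SEC, chunk=16 * 1024):
    """Send `payload` on `conn`, giving up if the peer's window keeps our
    throughput below `min_rate` for a full `grace` interval.

    Returns (completed, bytes_sent). A blocking send() would park this thread
    for as long as the client advertises a zero window; a non-blocking socket
    plus a short select() timeout lets the server measure progress and reclaim
    the thread and the send buffer instead.
    """
    conn.setblocking(False)
    sent_total = 0
    window_start = time.monotonic()
    window_bytes = 0
    while sent_total < len(payload):
        try:
            n = conn.send(payload[sent_total:sent_total + chunk])
            sent_total += n
            window_bytes += n
        except BlockingIOError:
            # Kernel send buffer is full: the peer is not draining it (small or
            # zero receive window). Wait briefly for space rather than forever.
            select.select([], [conn], [], 0.05)
        elapsed = time.monotonic() - window_start
        if elapsed >= grace:
            if window_bytes / elapsed < min_rate:
                return False, sent_total  # stalled: drop this response
            window_start = time.monotonic()
            window_bytes = 0
    return True, sent_total


def run_demo(client_reads, payload_size=2 * 1024 * 1024):
    """Loopback TCP pair: the server sends a constructed 2 MB response and the
    client either reads it promptly or never reads, so its window closes.
    Returns the watchdog's (completed, bytes_sent)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 64 * 1024)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Fixed small receive buffer (set before connect) so autotuning is off and
    # the client's advertised window closes after a few hundred KB.
    cli.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 64 * 1024)
    cli.connect(srv.getsockname())
    conn, _ = srv.accept()
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 64 * 1024)
    payload = b"x" * payload_size  # constructed stand-in for an expensive response

    def reader():
        got = 0
        while got < payload_size:
            data = cli.recv(65536)
            if not data:
                break
            got += len(data)

    t = None
    if client_reads:
        t = threading.Thread(target=reader, daemon=True)
        t.start()
    try:
        return send_with_progress_watchdog(conn, payload)
    finally:
        conn.close()
        srv.close()
        if t is not None:
            t.join(timeout=5)
        cli.close()


if __name__ == "__main__":
    print("well-behaved client:", run_demo(client_reads=True))
    print("client that never reads:", run_demo(client_reads=False))
```

The same idea is what production servers expose as a minimum-throughput or send-timeout setting: the point is that a full send buffer is a signal, not a reason to wait, and that the thread and memory the comment describes as tied up are released once the peer fails to make progress within the grace period.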




Is there any tool to simulate this attack (and other common attacks), so I can hit my own server and tweak it until it's bulletproof?


TFA mentions slowhttptest: http://code.google.com/p/slowhttptest/



