Slashdot Mirror


New Low Bandwidth Denial of Service Attacks

An anonymous reader writes "A paper from Rice University appearing at the 2003 ACM Sigcomm Conference presents a new denial of service attack where the attacker only needs to send at a low rate to shut down TCP flows. The trick exploits the retransmission timeout mechanism in TCP. By sending small bursts of packets at just the right frequency, the attacker can cause all TCP flows sharing a bottleneck link to simultaneously stop indefinitely. And because the attacker only needs to burst periodically, the attacker will not be distinguishable from normal hosts. The presentation, and other presentations from the conference, are available online (live streaming)."
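
A defender-side sketch of the point in the summary, added here and not taken from the paper or the original post: an average-rate threshold will not flag periodic bursts, so this example scores a link's per-bin byte counts for a repeating burst interval using autocorrelation. The bin size, the 0.6 threshold, the function names and the sample traffic are all assumptions constructed for illustration.

```python
"""Added example: flag periodic bursts in per-bin byte counts on a link."""
import random
from statistics import mean


def autocorr(series, lag):
    """Normalized autocorrelation of `series` at `lag` bins (0.0 if flat)."""
    m = mean(series)
    var = sum((x - m) ** 2 for x in series)
    if var == 0:
        return 0.0
    cov = sum((series[i] - m) * (series[i + lag] - m)
              for i in range(len(series) - lag))
    return cov / var


def find_periodic_bursts(series, min_lag=2, threshold=0.6):
    """Return (lag, score) for the strongest repeat interval, else None.

    threshold is an assumed tuning value, not taken from the paper.
    """
    max_lag = len(series) // 3  # need several repeats to trust a lag
    if max_lag < min_lag:
        return None
    lag, score = max(((k, autocorr(series, k))
                      for k in range(min_lag, max_lag + 1)),
                     key=lambda pair: pair[1])
    return (lag, score) if score >= threshold else None


def constructed_sample(bins=120, period=None, seed=None):
    """Constructed traffic: ~10 KB per bin, plus a 100 KB bin every `period`."""
    rng = random.Random(seed)
    base = [10 + (rng.uniform(-5, 5) if seed is not None else 0)
            for _ in range(bins)]
    if period:
        for i in range(0, bins, period):
            base[i] = 100
    return base


if __name__ == "__main__":
    print(find_periodic_bursts(constructed_sample(period=10, seed=1)))
    print(find_periodic_bursts(constructed_sample(seed=1)))
```

Legitimate traffic can also be periodic (polling, keepalives, scheduled transfers), so a hit is a prompt to inspect the source of the bursts, not a verdict.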

14 of 366 comments

  1. Dupe story. Mod me sideways... by fuqqer · · Score: 4, Informative

    This is a duplicate story from a looonnnng time ago. May 31 as a matter of fact. This means something considering the amount of brain cells I kill with liquor every day.

  2. Direct link to paper by Hygelac · · Score: 5, Informative
    --
    Grow up and use mutt.
  3. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  4. Re:Where can I read about this? by cK-Gunslinger · · Score: 4, Informative

    Uh, click on the word "paper" in the story, then click on "This paper is available in Adobe PDF format."

    Or Click Here

  5. Re:Dupe story. Mod me sideways... by robbyjo · · Score: 2, Informative

    Wrong. That's a different paper.

    --
    Error 500: Internal sig error
  6. Re:Tough paper to read by tomhudson · · Score: 4, Informative

    Actually, this isn't new. The exact reverse concept was mentioned here as a way to fight spam.

  7. Re:yay (faker!) by hey · · Score: 5, Informative

    "baud" is named after J.M.E. Baudot who was French. more info

  8. Re:Does it really work. by Anonymous Coward · · Score: 1, Informative

    Uh, it may be rarely used but it exists in all hardware and TCP stacks everywhere and therefore can be exploited. Not to mention the fact that multicast is going to be VERY important in the near future. When everything has an IP address and TCP becomes the single local and net protocol. ZeroConf, UPnP all rely on multicast to work.

  9. Re:yay (faker!) by geighaus · · Score: 2, Informative

    Well, in Russian "baud" is spelled as "bod" (with cyrillic letters of course). All Latin alphabet based languages seem to have it as "baud" or a similar form (the ones I checked are German, Finnish, Swedish, Italian, French).

  10. Re:yay (faker!) by Izago909 · · Score: 2, Informative

    Actually, modems stopped increasing in baud at 9600 (I'm almost sure). Baud tells you how many signal changes happen in a second. With compression and other techniques, we can actually transmit more than 1 bit/baud these days.

  11. Re:Only affects multicast TCP by Anonymous Coward · · Score: 1, Informative

    I think you've been misled by a previously posted bad link. Look at the correct paper here.

  12. Dupe! by in7ane · · Score: 1, Informative

    Denial of Service via Algorithmic Complexity

    dupe
    Dupe!
    DUPE!!!


    Posted by michael on Sunday June 01, @12:56AM from the advanced-topics dept. dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."

  13. Re:Worms can potentially exploit this by Anonymous Coward · · Score: 1, Informative

    OH NOES! IE IS BREAKING THE LAW! WERE ALL GONNA DIE COZ IE IS USING ALL THE BANDWIDTH AAAARGH...

    It's called T/TCP, it's in RFC 1379 and RFC 1644, and both Apache and IIS use it.

    http://slashdot.org/comments.pl?sid=49813&cid=5022491

  14. Re:yay (faker!) by runderwo · · Score: 2, Informative
    56K modems actually run at a 2800 baud symbol rate, exactly the same as a 28.8K modem.

    Illogically, it is actually easier to establish and maintain a 56k connection than it is a 33.6K connection, when the local phone line is the only thing in question. (with 56k, you also have to have no more than one analog->digital conversion in between you and the phone company).

    A 33.6K connection requires a symbol rate of 3200, which is greater than the 2800 that the 56K uses; hence, when customers would ask "What's the chances I can get 56k out of my line" and the tech would answer "Can you connect at the maximum 33.6K right now? If not, it won't work", they were flat out wrong.