Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Low Bandwidth Denial of Service Attacks

Posted by CmdrTaco on from the i'm-very-slow dept.

An anonymous reader writes "A paper from Rice University appearing at the 2003 ACM Sigcomm Conference presents a new denial of service attack where the attacker only needs to send at a low rate to shutdown TCP flows. The trick exploits the retransmission timeout mechanism in TCP. By sending small bursts of packets at just the right frequency, the attacker can cause all TCP flows sharing a bottleneck link to simultaneously stop indefinitely. And because the attacker only needs to burst periodically, the attacker will not be distinguishable from normal hosts. The presentation, and other presentations from the conference, are available online (live streaming)."

3 of 366 comments (clear)

  1. Re:Oh no! They're attacking... slowly... by cK-Gunslinger · · Score: 5, Interesting

    Actually the paper address defense mechanisms, such as randomly varying the time out interval, but it turns out that the performance lost in TCP efficiently nulls any benefits. Interesting paaper.

  2. better papers this year by carpe_noctem · · Score: 5, Interesting

    Not to rain on the parade here, but I thought there were a number of more interesting papers from sigcomm this year. Namely:

    - Peer-to-Peer Information Retrieval Using Self-Organizing Semantic Overlay Networks
    - Quantum Cryptography in Practice
    - Making Gnutella-like P2P Systems Scalable

    Just some more food for thought....

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  3. Worms can potentially exploit this by Rolman · · Score: 5, Interesting

    In the latest Lovsan.* worm outbreak, the worm was programmed to generate a DDoS attack to www.windowsupdate.com, only the attack was not very successful because that domain was just a means of redirection to the real Windows Update site (windowsupdate.microsoft.com), so Microsoft just shut it down and avoided any harm.

    But with this low-bandwidth exploit, which I believe is actually not a new idea, since IE uses a tricky method to increase speed by leaving persistent connections until they time out that could be exploited, now a worm can potentially DoS any website, even dynamically selecting the target from the users' IE favorites and performing the attack very quickly (maybe in a matter of hours) without having to rely it on being a widespread, coordinated DDoS or what the target OS/Server is.

    The paper even claims that in order to protect a server from this type of attack you'd need to sacrifice a good deal of performance, which in most cases is not acceptable so many people can't really afford to implement defenses. Either a clever workaround is made for this exploit, or we have tough times ahead from worm outbreaks and script kiddies.

    --
    - Otaku no naka no otaku, otaking da!!!