New Low Bandwidth Denial of Service Attacks

← Back to Stories (view on slashdot.org)

New Low Bandwidth Denial of Service Attacks

Posted by CmdrTaco on Thursday August 28, 2003 @04:45AM from the i'm-very-slow dept.

An anonymous reader writes "A paper from Rice University appearing at the 2003 ACM Sigcomm Conference presents a new denial of service attack where the attacker only needs to send at a low rate to shutdown TCP flows. The trick exploits the retransmission timeout mechanism in TCP. By sending small bursts of packets at just the right frequency, the attacker can cause all TCP flows sharing a bottleneck link to simultaneously stop indefinitely. And because the attacker only needs to burst periodically, the attacker will not be distinguishable from normal hosts. The presentation, and other presentations from the conference, are available online (live streaming)."

2 of 366 comments (clear)

Down with sexism! .. I mean, IPv4! by Anonymous Coward · 2003-08-28 04:52 · Score: 0, Troll

This article is just another nail in the coffin for IPv4. Look through the history of bugs, design flaws, and poor implementations in and of the infamous IPv4 stack. It's no coincidence that it was first developed at the same place BSD was, and again, no coincidence that it comes from the same place LSD did.

It's time to do away with IPv4 flaws and insecurity and migrate to IPv6. Slashdotters know it. Savvy internet professionals know it. IPv4 doesn't have a future on this planet anymore than dinosaurs do. Take a look at netcraft statistics to see current IPv6 host information to see it's current growth rate. It doesn't take a genius to see that is now is a better time than any to migrate our machines to IPv6 and do away with the train-wreck that is IPv4 forever.

IPv4: Slow. Expensive. Crappy. Pick any two.
Re:Security through obfuscation by bill_mcgonigle · 2003-08-28 05:16 · Score: 0, Troll

... sufficiently near time (alpha) such that those flows can partially recover and utilize the available bandwidth in the period from time (alpha) to time (beta)...

What is it with CS papers and the gratuitous use of greek characters? I read so many papers in school like this where the use of actual pronouns would have made the papers far more readable and no less precise. It's no wonder people assume techies don't know how to write.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)