1995-10-25 - Re: Does your software?
Header Data
From: fc@all.net (Dr. Frederick B. Cohen)
To: ses@tipper.oit.unc.edu (Simon Spero)
Message Hash: 431e0e28fbd60e7ffa028c562b0fbad5ff077b5ba06720c25a6c8e688a082057
Message ID: <9510251049.AA20105@all.net>
Reply To: <Pine.SOL.3.91.951024210756.18616A-100000@chivalry>
UTC Datetime: 1995-10-25 10:52:48 UTC
Raw Date: Wed, 25 Oct 95 03:52:48 PDT
Raw message
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Wed, 25 Oct 95 03:52:48 PDT
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: Does your software?
In-Reply-To: <Pine.SOL.3.91.951024210756.18616A-100000@chivalry>
Message-ID: <9510251049.AA20105@all.net>
MIME-Version: 1.0
Content-Type: text
>
> On Tue, 24 Oct 1995, Jon Mittelhauser wrote:
>
> > Dr. Frederick B. Cohen wrote:
> >
> > > Yet it services more than one request per minute, 24 hours, 7 days, and
> > > has done so without denial of services, corruption, or leakage since its
>
> > I really tried to resist but....
> >
>
> Thanks for saving me from the temptation but I guessed you were so taken
> aback by the performance claims that you missed the most amazing claim:
> an httpd that is proof against Denial Of Service. I'd love to know how
> Dr. Fred does this, since DoS is believed impossibly to defend against
> for unauthenticated TCP...
It's detailed to some extent in the on-line paper about the server.
> The usual DoS attack is to send a stream of connection-initiating SYNs to
> the target port, and never ACK the returned SYN. This fills up the listen
> queue, and jams the port. As long as you can generate SYNs faster than
> the TCP implementation times out the older pending requests, the port is
> jammed (modulo a small window of, er, invunerability between one of your
> SYNs timing out and its replacement turning up).
Right - that's why you have to have timeouts. Unfortunately, I only
prevent denial of services attacks once things hit the server. I think
the TCP wrapper also has a timeout on it's request for authentication.
As I said, the system is not made less secure by the server. It's very
common for other http servers to start a process, lose the link to the
calling host, and leave processes hung out to dry. Even without an
intentional attack, servers end up with hundreds of processes hanging
around after a few weeks of uptime. If you get 1024 hung channels, you
have denial of services on most http implementations.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Thread
Return to October 1995
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “Aleph One <aleph1@dfw.net>”
- Return to “Andy Brown <asb@nexor.co.uk>”
- Return to “anonymous-remailer@shell.portal.com”
- Return to “fc@all.net (Dr. Frederick B. Cohen)”
- Return to “futplex@pseudonym.com (Futplex)”
- Return to “hallam@w3.org”
- Return to “Jeff Barber <jeffb@sware.com>”
- Return to “Jeff Weinstein <jsw@netscape.com>”
- Return to “Jon Mittelhauser <jonm@netscape.com>”
- Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
- Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
- Return to “Mark <mark@lochard.com.au>”
- Return to “Matt Blaze <mab@crypto.com>”
- Return to “Nesta Stubbs <nesta@cynico.com>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Ray Cromwell <rjc@clark.net>”
- Return to “roy@cybrspc.mn.org (Roy M. Silvernail)”
- Return to “sameer <sameer@c2.org>”
Return to “Simon Spero <ses@tipper.oit.unc.edu>”
- 1995-10-22 (Sun, 22 Oct 95 14:10:05 PDT) - Netscape Logic Bomb detailed by IETF - anonymous-remailer@shell.portal.com
- 1995-10-23 (Mon, 23 Oct 95 06:44:11 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
- 1995-10-23 (Mon, 23 Oct 95 07:16:40 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-23 (Mon, 23 Oct 95 08:01:02 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Josh M. Osborne” <stripes@va.pubnix.com>
- 1995-10-24 (Tue, 24 Oct 95 02:32:25 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 06:50:39 PDT) - Re: Netscape Logic Bomb detailed by IETF - Aleph One <aleph1@dfw.net>
- 1995-10-24 (Tue, 24 Oct 95 08:52:20 PDT) - Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 10:10:53 PDT) - Re: Does your software? - Jeff Barber <jeffb@sware.com>
- 1995-10-24 (Tue, 24 Oct 95 10:50:17 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-25 (Wed, 25 Oct 95 06:33:11 PDT) - Re: Does your software? - Andy Brown <asb@nexor.co.uk>
- 1995-10-25 (Wed, 25 Oct 95 10:25:00 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-25 (Wed, 25 Oct 95 06:33:11 PDT) - Re: Does your software? - Andy Brown <asb@nexor.co.uk>
- 1995-10-24 (Tue, 24 Oct 95 16:01:55 PDT) - Re: Does your software? - Jon Mittelhauser <jonm@netscape.com>
- 1995-10-25 (Tue, 24 Oct 95 21:40:12 PDT) - Re: Does your software? - Simon Spero <ses@tipper.oit.unc.edu>
- 1995-10-25 (Wed, 25 Oct 95 03:52:48 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-25 (Tue, 24 Oct 95 21:40:12 PDT) - Re: Does your software? - Simon Spero <ses@tipper.oit.unc.edu>
- 1995-10-25 (Tue, 24 Oct 95 17:24:50 PDT) - Re: Does your software? - Jeff Weinstein <jsw@netscape.com>
- 1995-10-25 (Wed, 25 Oct 95 04:22:42 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-25 (Wed, 25 Oct 95 06:55:27 PDT) - Re: Does your software? - Adam Shostack <adam@homeport.org>
- 1995-10-25 (Wed, 25 Oct 95 07:09:01 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-25 (Wed, 25 Oct 95 09:05:14 PDT) - Re: Does your software? - Aleph One <aleph1@dfw.net>
- 1995-10-25 (Wed, 25 Oct 95 06:55:27 PDT) - Re: Does your software? - Adam Shostack <adam@homeport.org>
- 1995-10-25 (Wed, 25 Oct 95 04:22:42 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 10:50:17 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 15:39:02 PDT) - Re: Does your software? - Ray Cromwell <rjc@clark.net>
- 1995-10-24 (Tue, 24 Oct 95 15:54:11 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 10:10:53 PDT) - Re: Does your software? - Jeff Barber <jeffb@sware.com>
- 1995-10-24 (Tue, 24 Oct 95 08:52:20 PDT) - Does your software? - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 06:50:39 PDT) - Re: Netscape Logic Bomb detailed by IETF - Aleph One <aleph1@dfw.net>
- 1995-10-24 (Tue, 24 Oct 95 07:29:09 PDT) - MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-10-24 (Tue, 24 Oct 95 07:46:20 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 09:32:07 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Andy Brown <asb@nexor.co.uk>
- 1995-10-24 (Tue, 24 Oct 95 10:15:03 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - hallam@w3.org
- 1995-10-24 (Tue, 24 Oct 95 12:02:35 PDT) - Hash collisions [was Re: MD5 weakness ? …] - Matt Blaze <mab@crypto.com>
- 1995-10-25 (Tue, 24 Oct 95 17:16:29 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Mark <mark@lochard.com.au>
- 1995-10-24 (Tue, 24 Oct 95 08:54:39 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - futplex@pseudonym.com (Futplex)
- 1995-10-24 (Tue, 24 Oct 95 13:04:15 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 16:38:31 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - “Perry E. Metzger” <perry@piermont.com>
- 1995-10-24 (Tue, 24 Oct 95 10:46:44 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-10-24 (Tue, 24 Oct 95 07:46:20 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Tue, 24 Oct 95 08:27:53 PDT) - Re: Netscape Logic Bomb detailed by IETF - Jeff Weinstein <jsw@netscape.com>
- 1995-10-24 (Tue, 24 Oct 95 09:28:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - sameer <sameer@c2.org>
- 1995-10-24 (Tue, 24 Oct 95 02:32:25 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-23 (Mon, 23 Oct 95 08:32:06 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
- 1995-10-23 (Mon, 23 Oct 95 12:13:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - futplex@pseudonym.com (Futplex)
- 1995-10-25 (Tue, 24 Oct 95 20:02:23 PDT) - Re: Netscape Logic Bomb detailed by IETF - Nesta Stubbs <nesta@cynico.com>
- 1995-10-23 (Mon, 23 Oct 95 08:01:02 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Josh M. Osborne” <stripes@va.pubnix.com>
- 1995-10-23 (Mon, 23 Oct 95 07:16:40 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
- 1995-10-24 (Mon, 23 Oct 95 17:31:07 PDT) - Re: Netscape Logic Bomb detailed by IETF - roy@cybrspc.mn.org (Roy M. Silvernail)
- 1995-10-23 (Mon, 23 Oct 95 06:44:11 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>