This is the mail archive of the
ecos-discuss@sourceware.org
mailing list for the eCos project.
Re: FreeBSD socket loss (a.k.a. MSIE DoS attack)
- From: Gary Thomas <gary at mlbassoc dot com>
- To: Lars Povlsen <lpovlsen at vitesse dot com>
- Cc: eCos Discuss <ecos-discuss at ecos dot sourceware dot org>
- Date: Tue, 17 Apr 2007 05:02:33 -0600
- Subject: Re: [ECOS] FreeBSD socket loss (a.k.a. MSIE DoS attack)
- References: <46249CB1.9020908@vitesse.com>
Lars Povlsen wrote:
Hi All!
I have run into a weird occurrence of total socket buffer drainage with
the FreeBSD network stack (IPv4).
The problem is triggered by MSIE going bezerk while rendering an
Ajax/DOM style, graphics heavy, web page. It goes into a mode of a
series of spastic connnects to the (eCos) HTTP server, request a graphic
object, followed immediately by a RST. Then a new connection, etc. The
browser manages to get the job done, at the expense of TCP connections
and - worse - the FreeBSD stack loosing socket buffers - forever!
When the network stack is void of buffers, exiting the browser only
frees *1* socket buffer. And waiting > 10 minutes does not uncover more
buffers from the depths of the stack.
While I realize that MSIE is acting up - BIG TIME - I hate that it can
cause semi-permanent damage to the operation of my system. Does anybody
have any clues as to how to uncover the leak? I have a workaround to the
browser behavior, but thats dancing around the issue, really. The
browser does dot always behave like this, but I guess I can hack up a
perl script to recreate the problem more reliantly if needed...
I have attached (part of) a Ethereal summary to display the TCP/browser
access pattern. The server is at 10.10.132.15, the client browser at
10.10.130.96. Needless to say, FF works like a champ...
If you think you can produce a small-ish test driver (perl?)
which can cause this, I think that would be the best way forward.
Then we can duplicate the problem and try to attack it.
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss