Re: Drawbacks of persistent connections
J.P. Martin-Flatin (martin-flatin@epfl.ch)
Mon, 15 Jun 1998 19:13:43 +0200

On Mon, 15 Jun 1998 09:48:50 -0700, Jim Gettys wrote:
>
> > Section 8.1.1 may come across as slightly biased, because it lists
> > only advantages of persistent connections. In practice, these are
> > balanced by drawbacks. For instance, if the timeout value of
> > persistent connections is larger than the TCP connection timeout,
> > denial-of-service attacks are more effective: by using up all possible
> > connections, a malicious user can prevent access to a targeted server
> > for a longer period of time. Perhaps a quick mention of this issue
> > would make sense in section 8.1.4 (Practical Considerations)?
>
> The denial of service attack is the same between persistent connections
> and non-persistent connections. I can see no difference between the
> two situations; the attacker does exactly the same thing in either case,
> with the same result.

Presumably, the timeout of persistent connections will be longer than the
TCP connection timeout (that is, the recommended time to maintain TCP
TIME_WAIT state, generally 4 minutes). So even though the technique used
for the attack is the same, the effect will be amplified in the case of
persistent connections with long timeouts.

> In general, denial of service attacks are very difficult to deal with.

Agreed.

Jean-Philippe Martin-Flatin