On Thu, 20 Sep 2001, Ian Morgan wrote:
> RecvTimeout 5
>
> This will cause any incoming request to timeout if not completed within 5
> seconds. This will cause the above "null" connections to timeout very
> quickly, thereby significantly reducing the number of wasted waiting server
> instances.

so the next version of the DoS will just send a request and then set its
TCP receive window to something really tiny effectively taking forever to
get the response.

for example, take a look at this "white-hat" program which uses the
technique i just described: <http://www.hackbusters.net/LaBrea/>.

not that having multiple configurable timeouts is a bad thing. i just
wanted to point out that it's not the end of the story :)

-dean
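
The point above seen from the server side, as an added example that is not part of the original message or of any server's code: a receive timeout bounds the request, so the response write needs its own overall deadline. `send_with_deadline` and `run_case` are hypothetical names, and the stalled client is simulated with a local socket pair whose peer never reads (an assumption standing in for a tiny TCP receive window).

```python
import select
import socket
import threading
import time

RESPONSE_SIZE = 4 * 1024 * 1024  # constructed response, larger than socket buffers

def send_with_deadline(sock, data, total_timeout):
    # Returns (completed, bytes_sent). The deadline covers the whole response,
    # so a peer that accepts a few bytes at a time cannot keep resetting it.
    sock.setblocking(False)
    end = time.monotonic() + total_timeout
    view = memoryview(data)
    sent = 0
    while sent < len(view):
        remaining = end - time.monotonic()
        if remaining <= 0:
            return False, sent
        # Wait until the kernel send buffer has room, but no later than the deadline.
        _, writable, _ = select.select([], [sock], [], remaining)
        if not writable:
            return False, sent
        try:
            sent += sock.send(view[sent:])
        except BlockingIOError:
            continue
        except (BrokenPipeError, ConnectionResetError):
            return False, sent
    return True, sent

def run_case(peer_reads, timeout):
    # Serve one constructed response to a local peer that either reads or stalls.
    server, client = socket.socketpair()
    def drain():
        got = 0
        while got < RESPONSE_SIZE:
            got += len(client.recv(65536)) or RESPONSE_SIZE  # stop on EOF
    reader = threading.Thread(target=drain, daemon=True)
    if peer_reads:
        reader.start()
    try:
        return send_with_deadline(server, b"x" * RESPONSE_SIZE, timeout)
    finally:
        if peer_reads:
            reader.join(2)
        server.close()
        client.close()

if __name__ == "__main__":
    print("stalled peer:", run_case(peer_reads=False, timeout=0.5))
    print("reading peer:", run_case(peer_reads=True, timeout=5.0))
```

The stalled case returns once the deadline passes with only the kernel buffer's worth of bytes sent, which frees the worker instead of leaving it blocked on the write.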