#175 closed editorial (incorporated)
Security consideration: range flooding
| Reported by: | mnot@… | Owned by: | ylafon@… |
|---|---|---|---|
| Priority: | normal | Milestone: | 16 |
| Component: | p5-range | Severity: | Active WG Document |
| Keywords: | Cc: |
Description
Allowing overlapping ranges permits the client side to request more data than the largest file available at the server side. It is trivial to construct a 100MB file request from 200 overlapping partial requests of a 500K file. This allows the TCP optimistic ACK attack [1] to be performed on web servers all over the world.
[1] http://www.mail-archive.com/linux-net%40vger.kernel.org/msg01053.html
Change History (6)
comment:1 Changed 12 years ago by julian.reschke@…
- Component changed from non-specific to p5-range
- Priority set to normal
comment:2 Changed 12 years ago by ylafon@…
- Owner set to ylafon@…
- Status changed from new to assigned
comment:3 Changed 11 years ago by ylafon@…
comment:4 Changed 11 years ago by ylafon@…
- Milestone changed from unassigned to 16
comment:5 Changed 11 years ago by ylafon@…
- Resolution set to incorporated
- Status changed from assigned to closed
comment:6 Changed 9 years ago by fielding@…
From [2157]:
Address range flooding security issue (#175 and #311) by direct requirements and recommendations.
Actually require Content-Range and Content-Type (when appropriate) inside multipart/byteranges body parts instead of assuming that the reader will read between the lines of the MIME registration template.
Simplify description of required headers in 206 responses.
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
From [1355]:
Added security consideration on range flooding (See #175)