Web timeouts and their implications

Authors:
Zakaria Al-Qudah;Michael Rabinovich;Mark Allman
Affiliations:
Case Western Reserve University, Cleveland, Ohio;Case Western Reserve University, Cleveland, Ohio;International Computer Science Institute, Berkeley, CA
Venue:
PAM'10 Proceedings of the 11th international conference on Passive and active measurement
Year:
2010

Citing 5
Cited 5

A performance evaluation of hyper text transfer protocols

SIGMETRICS '99 Proceedings of the 1999 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Defensive programming: using an annotation toolkit to build DoS-resistant software

ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
PRO-COW: Protocol compliance on the web-a longitudinal study

USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3
Connection conditioning: architecture-independent support for simple, robust servers

NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Anycast-aware transport for content delivery networks

Proceedings of the 18th international conference on World wide web

A longitudinal view of HTTP traffic

PAM'10 Proceedings of the 11th international conference on Passive and active measurement
Loss probability estimation and control for OFDM/TDMA wireless systems considering multifractal traffic characteristics

Computer Communications
Performance implications of unilateral enabling of IPv6

PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Pico replication: a high availability framework for middleboxes

Proceedings of the 4th annual Symposium on Cloud Computing
Estimation of backlog and delay in OFDM/TDMA systems with traffic policing using Network Calculus

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Timeouts play a fundamental role in network protocols, controlling numerous aspects of host behavior at different layers of the protocol stack. Previous work has documented a class of Denial of Service (DoS) attacks that leverage timeouts to force a host to preserve state with a bare minimum level of interactivity with the attacker. This paper considers the vulnerability of operational Web servers to such attacks by comparing timeouts implemented in servers with the normal Web activity that informs our understanding as to the necessary length of timeouts. We then use these two results--which generally show that the timeouts in wide use are long relative to normal Web transactions--to devise a framework to augment static timeouts with both measurements of the system and particular policy decisions in times of high load.