Memory Starvation Attacks

A memory starvation attack is designed to force your system to consume excess memory. Once system memory is depleted, the best that you can hope for is that the system will merely page to disk. Programmers all too often forget to check whether an allocation or new succeeded and just assume that memory is always plentiful. Additionally, some function calls can throw exceptions under low-memory conditions; InitializeCriticalSection and EnterCriticalSection are two commonly found examples, although EnterCriticalSection won't throw exceptions if you're running Windows XP or Windows .NET Server. If you're dealing with device drivers, nonpaged pool memory is a much more limited resource than regular memory.

One good example of this was found by David Meltzer when he was working at Internet Security Systems. He discovered that for every connection accepted by a computer running Windows NT 4 Terminal Server Edition, it would allocate approximately one megabyte of memory. The Microsoft Knowledge Base article describing the problem is support.microsoft.com/support/kb/articles/Q238/6/00.ASP. On the underpowered system David was testing, this quickly brought the machine to a near halt. If your Terminal Server computer is configured with a reasonable amount of RAM per expected user, the problem becomes a resource starvation issue (see the next section) in which available sessions are difficult to obtain. The obvious fix for this type of problem is to not allocate expensive structures until you're sure that a real client is on the other end of the connection. You never want a situation in which it's cheap for an attacker to cause you to do expensive operations.
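The fix described above, sketched as an added example (not code from the book): accepting a connection claims only a fixed-size slot, and the roughly one-megabyte session state is allocated, with its result checked, only after the peer passes verification. The names conn_accept, conn_promote, conn_close, client_is_real, the "HELLO v1" greeting and the 64-slot cap are all assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define SESSION_STATE_BYTES (1024u * 1024u) /* ~1 MB per session, the cost cited above */
#define MAX_CONNS 64                        /* assumed cap on tracked connections */

typedef struct {
    int   in_use;
    void *state;   /* expensive session state; stays NULL until the client is verified */
} conn_t;

static conn_t conns[MAX_CONNS];
static size_t bytes_committed;  /* heap currently held by session state */

size_t conn_bytes_committed(void) { return bytes_committed; }

/* Release a slot and any session state attached to it. */
void conn_close(int id) {
    if (id < 0 || id >= MAX_CONNS || !conns[id].in_use) return;
    if (conns[id].state != NULL) bytes_committed -= SESSION_STATE_BYTES;
    free(conns[id].state);
    conns[id].state = NULL;
    conns[id].in_use = 0;
}

/* Accept: claim a fixed-size slot only. No heap is touched for an unverified peer.
   Returns the slot index, or -1 when the table is full. */
int conn_accept(void) {
    for (int i = 0; i < MAX_CONNS; i++) {
        if (!conns[i].in_use) { conns[i].in_use = 1; conns[i].state = NULL; return i; }
    }
    return -1;
}

/* Hypothetical stand-in for whatever proves a real client is present. */
static int client_is_real(const char *hello) {
    return hello != NULL && strcmp(hello, "HELLO v1") == 0;
}

/* Promote: allocate the expensive state only after verification, and check the result.
   Returns 0 on success, -1 if the client is rejected, -2 if memory is exhausted. */
int conn_promote(int id, const char *hello) {
    if (id < 0 || id >= MAX_CONNS || !conns[id].in_use || conns[id].state) return -1;
    if (!client_is_real(hello)) { conn_close(id); return -1; }
    void *p = calloc(1, SESSION_STATE_BYTES);
    if (p == NULL) { conn_close(id); return -2; }  /* fail this session, not the server */
    conns[id].state = p;
    bytes_committed += SESSION_STATE_BYTES;
    return 0;
}
```

With this layout a flood of unverified connections costs at most the fixed table, and an allocation failure drops one session instead of being silently ignored.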



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2005
Pages: 153
