3

If I have one 'live IP address', i.e an IP address on which if I run a server anybody over internet can access this server.

Now let say I have an army of computers under the gateway which has the 'live IP address'.

Is the below true?

If all computers under this IP address hit the same google server on the same port 80 with keep-alive header then the max number of connection can be 2^16=65536

How did I conclude that number?

TCP/IP packet is identified by (src.ip, src.port, dst.ip, dst.port)

For our case if we look from server side than src.ip=MY LIVE IP, dst.ip=google server ip, dst.port=80 so we are left with src.port which is 16 bit.

If the above is true then:

Max number of socket connection is also 2^16 as there can be only one socket per TCP connection. Is this true ?

user207421
  • 305,947
  • 44
  • 307
  • 483
Bhuvan
  • 4,028
  • 6
  • 42
  • 84
  • It is 2^16 *per client host.*. – user207421 Feb 27 '16 at 18:53
  • Below links address the max connections question: https://stackoverflow.com/questions/2332741/what-is-the-theoretical-maximum-number-of-open-tcp-connections-that-a-modern-lin – Ben Oct 18 '17 at 07:12

2 Answers2

1

This is true in theory, the maximum number of concurrent connections from a client, regardless is to the same server or not, is 65536. However, IPv4 address space shortage is a reality and ISPs have started implementing A+P strategies to wide the number of available addresses.

A+P means address plus port sharing. What it means is that some bits of the port number are used for addressable purposes. What that means in practice is that an IPv4 public address it might be shared by different customers each of them being assigned a range of ports. That limits the number of available connections for each customer. Your operating system may still pick a random number between 0-65565 for the source port, but at some point your private IPv4 source address and port will be natted to your assigned range of source ports before going out in the wild.

This is sort of an advance topic but is worth considering it. RFC6346 has more information about it.

Community
  • 1
  • 1
Diego Pino
  • 11,278
  • 1
  • 55
  • 57
0

Wow, what a cool and evil attack idea. Yes, as long as the gateway you are talking about does NAT, that attack should work.

However, note that google.com has a large number of IP addresses that each client is going to try, so you would need to do the attack for every one of those IPs. For example, my PC sees 16 different IPs for google.com.

thejh
  • 44,854
  • 16
  • 96
  • 107