Re: [tcpm] Please read

Stefanos Harhalakis <> Fri, 01 August 2008 09:50 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id A8B7C3A6D72; Fri, 1 Aug 2008 02:50:03 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id C78E73A697F for <>; Fri, 1 Aug 2008 02:50:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id L+pMk5DiXiZY for <>; Fri, 1 Aug 2008 02:50:02 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 168DD3A6B4E for <>; Fri, 1 Aug 2008 02:49:32 -0700 (PDT)
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id m719ll8i009502; Fri, 1 Aug 2008 12:47:47 +0300
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id m719lljV005947; Fri, 1 Aug 2008 12:47:47 +0300
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id m719lhqu008007; Fri, 1 Aug 2008 12:47:45 +0300
Authentication-Results:; spf=neutral
Authentication-Results:; sender-id=neutral
From: Stefanos Harhalakis <>
Date: Fri, 01 Aug 2008 12:47:26 +0300
User-Agent: KMail/1.9.9
References: <> <78C9135A3D2ECE4B8162EBDCE82CAD7704041514@nekter>
In-Reply-To: <78C9135A3D2ECE4B8162EBDCE82CAD7704041514@nekter>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <>
Cc: Caitlin Bestler <>
Subject: Re: [tcpm] Please read
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Thursday 31 July 2008, Caitlin Bestler wrote:
> Is an RFC really needed?
> I've always assumed that the application layer MAY
> do pretty much whatever it wants. Further application
> layer servers SHOULD protect their own resources against
> abusive clients. Those protection mechanisms MAY include
> terminating connections.
> All of that is true independent of any specific method
> of abusing server resources.

Since this is an OS issue that will affect all running applications and it is 
impossible to ensure that all TCP-listening applications won't be 
exploitable, I believe it is best to take some (customizable) measures at the 
OS side too (if understand correctly, that's what the resource management 
entity, even if it is implemented as a user-space part). Of course any 
application is able to enforce stricter rules.

Apart from that, I believe that the problem is not well defined. I don't 
exactly understand what differentiates a zero sized window with a one-byte 
window, etc... Transferring a 1MB file with 1-byte window is essentially the 
same (no?). It is also almost the same as never acking the last data segment 
and sending dup-acks for the previous for some time, or just acking 1 byte 
every N retransmits, etc... Where exactly do you draw the line?

Taking a broader look, since TCP's fundamental assumption is that the remote 
end is trustworthy, perhaps it is better to look at this and other TCP attack 
methods as a resource allocation problem and handle it as such. Most of the 
time there won't be such an issue but in cases of an attack, there can be 
algorithms that "evenly" allocate the shared resource (like available sockets 
or available buffer space). Also, to my knowledge there are cases where it is 
impossible to distinguish between legitimate behavior and malicious behavior. 
Most probably, taking at look at the shared resource approach will solve this 
and perhaps other future problems too that can be caused by attacks or 
legitimate remote-ends. At the end, we may only need to point to that problem 
and indicate what a good policy is made of.


p.s. I'll be away from keyboard for the next two weeks (starting tomorrow) so 
please excuse any delayed replies.
tcpm mailing list