Re: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00

Gavin McCullagh <gavin.mccullagh@nuim.ie> Wed, 21 February 2007 10:23 UTC

Date: Wed, 21 Feb 2007 10:23:17 +0000
From: Gavin McCullagh <gavin.mccullagh@nuim.ie>
Subject: Re: [tcpm] New I-D posted : draft-moncaster-tcpm-rcv-cheat-00
In-reply-to: <20070220193652.GZ20215@loompa.cs.umd.edu>
To: tcpm@ietf.org
Message-id: <20070221102317.GP3162@nuim.ie>

Hi,

On Tue, 20 Feb 2007, Rob Sherwood wrote:

> Should people decide that this two-phase approach is preferable, it
> might be possible to simplify the first phase test as follows.  Rather
> than reordering segments N-1,N,N+1,..,N+D to N-1,N+1,..,N+D,N as Toby
> et al. suggest, it might be better to more frequently perform this test
> with D=1, (i.e., simply swap the order of two sequential segments) and
> after some threshold number K failures, apply the second phase randomly
> skipped segment test.

Perhaps I misunderstand, but is it not necessary to have variation in D of
at least 
        0 < D < 4
for the attack to be definitively prevented?

The "lazy ack" form of the attack just omits duplicate acks in order that a
loss is never detected.  If the above were implemented with D=1 it appears
that an attacker could always send the first duplicate ack in response to a
missing packet but omit the second or third duplicate ack.  This would seem
to allow the attack to continue but also pass the N-1,N+1,N test.

I guess if lots of packets are being lost as part of the attack this kind
of precision may be impossible on the part of the attacker so maybe the
above is not so important.

Gavin
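
The concern raised in this reply, as an added sketch that is not part of the original message or of the draft: a toy sender-side reordering test run against a compliant receiver and against "lazy ack" receivers that cap the duplicate ACKs they send per hole. The segment numbering, the pass criterion (exactly D duplicate ACKs) and all function names are assumptions of this model.

```python
# Added illustration; a toy model, not code from the draft or this thread.
# Segments are numbered by index and an ACK carries the next segment number
# the receiver expects. All function names are hypothetical.

def make_receiver(max_dupacks=None):
    """max_dupacks=None: compliant receiver, one ACK per arriving segment.
    max_dupacks=k: "lazy ack" receiver that emits at most k duplicate ACKs
    per hole and silently drops the rest."""
    def receiver(arrival_order):
        received, expected = set(), arrival_order[0]
        acks, dups = [], 0
        for seg in arrival_order:
            received.add(seg)
            if seg == expected:                 # in order, or hole filled
                while expected in received:
                    expected += 1
                acks.append(expected)
                dups = 0
            elif max_dupacks is None or dups < max_dupacks:
                acks.append(expected)           # duplicate ACK for the hole
                dups += 1
        return acks
    return receiver

def reorder_test(receiver, n, d):
    """Sender side: send N-1, N+1..N+D, N. Assumed pass criterion for this
    model: exactly D duplicate ACKs for N come back."""
    order = [n - 1] + list(range(n + 1, n + d + 1)) + [n]
    acks = receiver(order)
    return acks.count(n) - 1 == d               # first ACK of N answers N-1

def caught_by(max_dupacks, d_values, n=10):
    """Return the D values whose test the given receiver fails."""
    rx = make_receiver(max_dupacks)
    return [d for d in d_values if not reorder_test(rx, n, d)]

if __name__ == "__main__":
    # Standard fast retransmit fires on the third duplicate ACK, so a cap of
    # 1 or 2 is enough to keep the sender from detecting a loss that way.
    for k in (None, 1, 2):
        print("max_dupacks =", k, "fails D in", caught_by(k, [1, 2, 3]))
```

In this model a receiver capped at two duplicate ACKs passes the test for D=1 and D=2 and is only caught at D=3, which is the case for varying D over 0 < D < 4.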

