IETF Logo Mail Archive

Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02

Rob Sherwood <capveg@cs.umd.edu> Wed, 26 March 2008 04:28 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B620F28C13E; Tue, 25 Mar 2008 21:28:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.653
X-Spam-Level:
X-Spam-Status: No, score=-100.653 tagged_above=-999 required=5 tests=[AWL=-0.216, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LSFpsXclw5bL; Tue, 25 Mar 2008 21:28:20 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A96B13A687C; Tue, 25 Mar 2008 21:28:20 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6CF63A687C for <tcpm@core3.amsl.com>; Tue, 25 Mar 2008 21:28:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEUhisBKjgAj for <tcpm@core3.amsl.com>; Tue, 25 Mar 2008 21:28:17 -0700 (PDT)
Received: from circular.cs.umd.edu (circular.cs.umd.edu [128.8.128.176]) by core3.amsl.com (Postfix) with ESMTP id 712FC3A67F4 for <tcpm@ietf.org>; Tue, 25 Mar 2008 21:28:17 -0700 (PDT)
Received: from loompa.cs.umd.edu (loompa.cs.umd.edu [128.8.128.63]) by circular.cs.umd.edu (8.12.11.20060308/8.12.5) with ESMTP id m2Q4Pr3l019243; Wed, 26 Mar 2008 00:25:53 -0400
Received: from loompa.cs.umd.edu (localhost [127.0.0.1]) by loompa.cs.umd.edu (8.13.8+Sun/8.12.5) with ESMTP id m2Q4PFM4012331; Wed, 26 Mar 2008 00:25:15 -0400 (EDT)
Received: (from capveg@localhost) by loompa.cs.umd.edu (8.13.8+Sun/8.13.8/Submit) id m2Q4PFUQ012329; Wed, 26 Mar 2008 00:25:15 -0400 (EDT)
Date: Wed, 26 Mar 2008 00:25:15 -0400
From: Rob Sherwood <capveg@cs.umd.edu>
To: Stefanos Harhalakis <v13@v13.gr>
Message-ID: <20080326042515.GD24842@cs.umd.edu>
References: <200803260029.33658.v13@v13.gr>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <200803260029.33658.v13@v13.gr>
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: tcpm@ietf.org, bob.briscoe@bt.com
Subject: Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

On Wed, Mar 26, 2008 at 12:29:33AM +0200, Stefanos Harhalakis wrote:
> Hello there,
> 
> While experimenting I've written a (small) python program that utilizes the 
> TCP weakness that is addressed in draft-moncaster-tcpm-rcv-cheat-02 (which I 
> discovered latter). Using it, I was able to make an (under my control) HTTP 
> server generate a constant 5-minute (until I interrupted it) 900Mbps traffic 
> over the Internet using just a DSL line. Theoretically it could also be done 
> using a 64Kbps ISDN line, it is 100% reproduceable and it can be used on many 
> web servers with fast internet connections.
> 
> I'm considering wether I should make this (small) tool public or not.

As a data point, I have choosen not to publish the PoC code I created
for this attack ("TCP Receivers Can Cause Internet-Wide Congestion
Collapse" CCS 2005).  While I am a strong proponent of full disclosure,
I don't think releasing the code will speed the acceptance of the
proposed solution. 

- Rob
.
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email