Re: [tcpm] DoS attack from misbehaving receivers

Gavin McCullagh <gavin.mccullagh@nuim.ie> Fri, 12 January 2007 09:41 UTC

Date: Fri, 12 Jan 2007 09:34:32 +0000
From: Gavin McCullagh <gavin.mccullagh@nuim.ie>
Subject: Re: [tcpm] DoS attack from misbehaving receivers
To: Rob Sherwood <capveg@cs.umd.edu>
Cc: david.malone@nuim.ie, tcpm@ietf.org

On Thu, 11 Jan 2007, Rob Sherwood wrote:

> > Before endorsing a counter-measure that calls for what was
> > previously non-compliant behavior there should be a showing
> > that the problem being solved is indeed severe and unique.
> 
> Agreed.  This is the crux of the discussion: is this attack severe
> enough to motivate the admittedly invasive change to the TCP stack.

We implemented a basic attack of this recently before realising that others
had been here first.  I've thrown up a few quick results here using a
recent Linux kernel on sender and receiver:

	http://www.hamilton.ie/gavinmc/drop_dupack_attack/

Kernel: 2.6.18 on both
OS: Debian GNU/Linux "edgy"
Apache v2.0.55
wget v1.10.2

The patch to Linux is a short one.  I can make it available, but have held
off doing so for now.

Gavin

