Re: [tcpm] Please read

"Murali Bashyam" <> Fri, 01 August 2008 19:58 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id 071673A696F; Fri, 1 Aug 2008 12:58:01 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6C8783A696F for <>; Fri, 1 Aug 2008 12:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6lI4N+Dxa5A6 for <>; Fri, 1 Aug 2008 12:57:55 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C34713A6A21 for <>; Fri, 1 Aug 2008 12:57:54 -0700 (PDT)
Received: by with SMTP id d18so1355015and.122 for <>; Fri, 01 Aug 2008 12:58:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=5oL1t8nOkhcoQBozwyZoILe1us80fVl5xeb66gLmJo8=; b=pp88fuUTaDbRPTC7kHo/ToyqfQfprAyEdXlNWn+niaAPnSLAv1IY4pBcLq2yKJuFhI eeeZuLR3Hb8Lg2gNqrZ0OHqmESVgPkTpsejSOMGVtnMqzYTDgXItGfMdgppew8hDeKAY 5uGXMT7/hF1W74O1zJTqCWgtEwf99xU9pXr1s=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=ECkWnYAFUCyf16yLCfWDgAKQmoH7EgYb5SATdYh4qlmm6rbCqjBwQvQ0Zo6xEU4+/q Vc7CZjyk5pm8v27E3zyyKsuC2YZzE5+D6ZY8RtuupIOF2t5J4jhJ+4Y3tTyu8Nmomktk tZrxJcJbJW1TtUMyKyL2/z8yqnhQRLWBpBWVg=
Received: by with SMTP id o12mr17201867ang.117.1217620694367; Fri, 01 Aug 2008 12:58:14 -0700 (PDT)
Received: by with HTTP; Fri, 1 Aug 2008 12:58:14 -0700 (PDT)
Message-ID: <>
Date: Fri, 01 Aug 2008 12:58:14 -0700
From: Murali Bashyam <>
To: Stefanos Harhalakis <>
In-Reply-To: <>
MIME-Version: 1.0
References: <> <78C9135A3D2ECE4B8162EBDCE82CAD7704041514@nekter> <>
Cc:, Caitlin Bestler <>
Subject: Re: [tcpm] Please read
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: multipart/mixed; boundary="===============0566901646=="

On Fri, Aug 1, 2008 at 2:47 AM, Stefanos Harhalakis <> wrote:

> On Thursday 31 July 2008, Caitlin Bestler wrote:
> > Is an RFC really needed?
> >
> > I've always assumed that the application layer MAY
> > do pretty much whatever it wants. Further application
> > layer servers SHOULD protect their own resources against
> > abusive clients. Those protection mechanisms MAY include
> > terminating connections.
> >
> > All of that is true independent of any specific method
> > of abusing server resources.
> Since this is an OS issue that will affect all running applications and it
> is
> impossible to ensure that all TCP-listening applications won't be
> exploitable, I believe it is best to take some (customizable) measures at
> the
> OS side too (if understand correctly, that's what the resource management
> entity, even if it is implemented as a user-space part). Of course any
> application is able to enforce stricter rules.

The resource management entity can be part of TCP or it can be in the
OS/application and do its work based on feedback from TCP.

> Apart from that, I believe that the problem is not well defined. I don't
> exactly understand what differentiates a zero sized window with a one-byte
> window, etc... Transferring a 1MB file with 1-byte window is essentially
> the
> same (no?). It is also almost the same as never acking the last data
> segment
> and sending dup-acks for the previous for some time, or just acking 1 byte
> every N retransmits, etc... Where exactly do you draw the line?

There are solutions for those scenarios, UTO based. UTO doesn't kick in when
the peer is
offering zero window. The attempt in this draft is to  *enable* alternatives
to the TCP sender side by
clarifying the 1122 verbiage and allowing resource management approaches,
UTO based approaches to handle this condition

> Taking a broader look, since TCP's fundamental assumption is that the
> remote
> end is trustworthy, perhaps it is better to look at this and other TCP
> attack
> methods as a resource allocation problem and handle it as such. Most of the
> time there won't be such an issue but in cases of an attack, there can be
> algorithms that "evenly" allocate the shared resource (like available
> sockets
> or available buffer space). Also, to my knowledge there are cases where it
> is
> impossible to distinguish between legitimate behavior and malicious
> behavior.
> Most probably, taking at look at the shared resource approach will solve
> this
> and perhaps other future problems too that can be caused by attacks or
> legitimate remote-ends. At the end, we may only need to point to that
> problem
> and indicate what a good policy is made of.

That's the attempt here, to highlight the implications of this condition and
possible solutions (to be posted in the second draft and in the
combined draft earlier). The solutions are general enough to extend to the
other scenarios you are describing.

> Nonce?
> p.s. I'll be away from keyboard for the next two weeks (starting tomorrow)
> so
> please excuse any delayed replies.
> _______________________________________________
> tcpm mailing list

Murali Bashyam
(c) (510)6736915

----------------------------- CONFIDENTIAL --------------------
This telecommunication and any data attached to, or included in it
is considered confidential, and is intended only for use by the named
recipient. The contents may be legally protected as any one or more of:
copyrighted material, trade-secret protected material, attorney-client
privileged material, attorney workproduct, or as material covered by
any other legally available means. If you received this material in
error, please notify the sender and destroy the original and all copies,
whether electronic or otherwise. Thank you.
------------------------------ CONFIDENTIAL --------------------
tcpm mailing list