IETF Logo Mail Archive

Re: [tcpm] DoS attack from misbehaving receivers

Joe Touch <touch@ISI.EDU> Thu, 11 January 2007 19:22 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H55Vj-00087W-S4; Thu, 11 Jan 2007 14:22:51 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H55Vj-00087R-IH for tcpm@ietf.org; Thu, 11 Jan 2007 14:22:51 -0500
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H55Vi-000141-35 for tcpm@ietf.org; Thu, 11 Jan 2007 14:22:51 -0500
Received: from [127.0.0.1] ([128.9.176.75]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l0BJMOGB014758; Thu, 11 Jan 2007 11:22:26 -0800 (PST)
Message-ID: <45A68E6D.5050303@isi.edu>
Date: Thu, 11 Jan 2007 11:22:21 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: Stephen Hemminger <shemminger@osdl.org>
Subject: Re: [tcpm] DoS attack from misbehaving receivers
References: <20070111105348.546de25e@freekitty>
In-Reply-To: <20070111105348.546de25e@freekitty>
X-Enigmail-Version: 0.94.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc: david.malone@nuim.ie, tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0688988792=="
Errors-To: tcpm-bounces@ietf.org


Stephen Hemminger wrote:
> Has anyone in this group explored the problems described in:
> "Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse"?
> 
> 	http://www.cs.umd.edu/~capveg/optack/optack-ccs05.pdf
> 	http://www.cs.umd.edu/~capveg/
> 	http://www.kb.cert.org/vuls/id/102014
> 
> A possible solution (optack) is described in the paper that involves the
> sender randomly skipping segments and resetting connections that
> ACK data that was never sent.  But it is not clear that the impacts
> of such a change have been fully investigated.

There's very little in TCP that is intended to work well with a
byzantine receiver. Except for our security protocols, very little of
the Internet deals well with them either.

Joe

-- 
----------------------------------------
Joe Touch
Sr. Network Engineer, USAF TSAT Space Segment


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email