Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02
Rob Sherwood <capveg@cs.umd.edu> Wed, 26 March 2008 20:21 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B661C28C778; Wed, 26 Mar 2008 13:21:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.617
X-Spam-Level:
X-Spam-Status: No, score=-100.617 tagged_above=-999 required=5 tests=[AWL=-0.180, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VN5qMTduGamE; Wed, 26 Mar 2008 13:21:36 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8672A28C315; Wed, 26 Mar 2008 13:21:35 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3AB9928C375 for <tcpm@core3.amsl.com>; Wed, 26 Mar 2008 13:21:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BCimnW4QpJMD for <tcpm@core3.amsl.com>; Wed, 26 Mar 2008 13:21:33 -0700 (PDT)
Received: from circular.cs.umd.edu (circular.cs.umd.edu [128.8.128.176]) by core3.amsl.com (Postfix) with ESMTP id AE49B28C780 for <tcpm@ietf.org>; Wed, 26 Mar 2008 13:20:49 -0700 (PDT)
Received: from loompa.cs.umd.edu (loompa.cs.umd.edu [128.8.128.63]) by circular.cs.umd.edu (8.12.11.20060308/8.12.5) with ESMTP id m2QKITLR005525; Wed, 26 Mar 2008 16:18:29 -0400
Received: from loompa.cs.umd.edu (localhost [127.0.0.1]) by loompa.cs.umd.edu (8.13.8+Sun/8.12.5) with ESMTP id m2QKIQIb007420; Wed, 26 Mar 2008 16:18:26 -0400 (EDT)
Received: (from capveg@localhost) by loompa.cs.umd.edu (8.13.8+Sun/8.13.8/Submit) id m2QKIQUI007419; Wed, 26 Mar 2008 16:18:26 -0400 (EDT)
Date: Wed, 26 Mar 2008 16:18:26 -0400
From: Rob Sherwood <capveg@cs.umd.edu>
To: Caitlin Bestler <Caitlin.Bestler@neterion.com>
Message-ID: <20080326201826.GP24842@cs.umd.edu>
References: <200803260029.33658.v13@v13.gr> <20080326193338.GO24842@cs.umd.edu> <78C9135A3D2ECE4B8162EBDCE82CAD7703442C8F@nekter>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <78C9135A3D2ECE4B8162EBDCE82CAD7703442C8F@nekter>
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: tcpm@ietf.org
Subject: Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Wed, Mar 26, 2008 at 03:41:12PM -0400, Caitlin Bestler wrote: > I'd rephrase that as: > > b) people who believe the attack is practical, but that the problem is > an > application layer problem that should be solved at the application > layer > -- and especially not by transport layer solutions that would have a > negative impact on honest connections. I would call this a different camp all together, mostly because it's one I least understand the rationale for. Maybe you could reiterate your points for me (off list, if you think this issue is dead)? I feel like this view comes from a misunderstanding of the attack. In my view, the goal of the attack is not to saturate the first hop of a single victim. Instead, the attacker's goal is to fool many victims in parallel into saturating their shared access and backbone links by the *aggregate traffic*. Thus, no one victim is sending abnormally fast, but the aggregate level of traffic ( summed across victims) is sufficient to cause DoS. To paraphrase, this is an attack against the network not an individual. So, when one views the attack from this standpoint, I don't see how application level rate limits (which, IIRC, is what you were proposing) would stop this attack: no one victim is sending at an excessive rate. - Rob . _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat-02 Stefanos Harhalakis
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Rob Sherwood
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Bob Briscoe
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Pekka Savola
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Rob Sherwood
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Caitlin Bestler
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Anantha Ramaiah (ananth)
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Jakob Heitz
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Rob Sherwood
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… David Malone
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Rob Sherwood
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Stefanos Harhalakis
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Fernando Gont
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Stefanos Harhalakis
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… John Kristoff
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Caitlin Bestler
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Bob Briscoe
- Re: [tcpm] PoC for draft-moncaster-tcpm-rcv-cheat… Rob Sherwood