Re: [tcpm] mitigating TCP ACK loop ("ACK storm") DoS attacks

Wesley Eddy <wes@mti-systems.com> Wed, 11 February 2015 01:20 UTC


On 2/10/2015 3:03 AM, Zimmermann, Alexander wrote:
> Hi all,
> 
> I discussed this patch a bit w/ Neal yesterday. It was not clear to me
> (and maybe shame on me) that there exist cases in which TCP sends a (DUP)ACK
> in response to a pure ACK. Parts of this „problem“ belong to RFC793
> (see background below). It’s maybe a good opportunity to include some
> text about this in RFC793bis.


I would be tempted to say "yes", however, to keep from opening the door
to all kinds of changes and making RFC793bis intractable to get
consensus on, I had proposed to only make changes that are already in
other RFCs updating 793 or in verified errata.

So, maybe someone should submit an erratum on this? :)


> BTW: Do we think as WG that 793bis is a good thing to do? And if the
> answer is yes, why do we not start an adoption call?


Sounds good to me :).


-- 
Wes Eddy
MTI Systems