Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]

Ethan Blanton <eblanton@cs.ohiou.edu> Tue, 27 November 2007 23:37 UTC

Date: Tue, 27 Nov 2007 18:37:33 -0500
From: Ethan Blanton <eblanton@cs.ohiou.edu>
To: tcpm@ietf.org
Subject: Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]
Message-ID: <20071127233733.GB20243@elb.elitists.net>
Mail-Followup-To: tcpm@ietf.org
References: <20071126161259.29EFA2FC343@lawyers.icir.org> <474AF34B.40805@isi.edu> <474B3C35.30207@cisco.com> <474B935E.4040207@isi.edu> <474C92A5.7070208@cisco.com>
In-Reply-To: <474C92A5.7070208@cisco.com>

Mahesh Jethanandani spake unto us the following wisdom:
> Joe Touch wrote:
> >Mahesh Jethanandani wrote:
> >>Joe Touch wrote:
> >>>Note also that DOS attacks would likely not keep TCP connections around
> >>>with zero windows AND continue to ACK - they'd stop ACKing, the
> >>>connection would drop for *that* reason, and be recovered.
> >>
> >>Quite the contrary. Our experimentation revealed that DoS attackers
> >>responded reliably with an ACK to all zero window probes and that
> >>connections stayed in established state for days.
> >
> >OK - so how do you know these were attacks? Or are you calling any
> >consumption of resources you don't expect an attack?
>
> They were attacks because we had initiated them as such.

This is _very different_ from what you claimed before.  You are
claiming that attacks *do exist* which reliably ACK zero window probes
-- but you don't know that, and have no support for it.  You have
support for the fact that an attack *can be created* which ACKs zero
window probes.

Joe's point, and I think it is valid, is that this is an attack which
requires a commitment of resources on the part of the attacker.

That said, I agree that such an attack *could* be created, though it
appears that no one has.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764