Re: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)

Fernando Gont <fernando@gont.com.ar> Wed, 14 February 2007 08:01 UTC

Message-Id: <200702140801.l1E81fPQ019857@venus.xmundo.net>
Date: Wed, 14 Feb 2007 05:01:31 -0300
To: Mahesh Jethanandani <mahesh@cisco.com>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] New I-D (draft-mahesh-persist-timeout-00.txt)
In-Reply-To: <45D20253.70706@cisco.com>
References: <45D20253.70706@cisco.com>
Cc: tcpm@ietf.org
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>

At 03:24 p.m. 13/02/2007, you wrote:

Comments inline....


>A new I-D has been posted on the IETF web site.
>
>http://www.ietf.org/internet-drafts/draft-mahesh-persist-timeout-00.txt
>"TCP Maintenance and Minor Extensions", Mahesh Jethanandani, Murali 
>Bashyam, 9-Feb-07, <draft-mahesh-persist-timeout-00.txt> Comments are welcome.

What if I advertise a window of 1, instead?

Or, what if I advertise a window of zero, then before you abort the 
connection I advertise a window of a few bytes, and then I go back to 
advertising a window of zero (and so on)?

I think it is interesting to find a workaround for this type of 
resource exhaustion attack (as well as for Netkill, etc.).

However, I think the heuristics will need to be more complex. If not, 
it will be easy (and cheap) for the attacker to fool the proposed 
counter-measures (the examples above are some possible ways to do so).

Kindest regards,

-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
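The evasions described in the message above (a window of 1, or alternating between a zero window and a window of a few bytes) can be checked against a persist-timeout heuristic directly. The Python below is an added example, not code from the draft or from either author; the two heuristics are hypothetical models written for illustration only, not the draft's mechanism. The first aborts after a fixed stretch of contiguous zero-window time, the second measures acknowledged progress over the same interval. The window/ACK traces are constructed and assume the local sender has unsent data queued for the whole connection, which is the resource-exhaustion case the thread is about.

```python
"""Persist-timeout abort heuristics evaluated against advertised-window traces.

Hypothetical models (not the draft's algorithm): a naive contiguous-zero-window
timer versus a progress-based check on bytes acknowledged per interval.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Sample:
    t: float     # seconds since the connection was established (constructed)
    window: int  # peer's advertised receive window in bytes at time t
    acked: int   # cumulative bytes the peer has acknowledged by time t


def naive_zero_window_abort(trace: List[Sample], timeout: float = 60.0) -> bool:
    """Abort only when the advertised window has been exactly zero for
    `timeout` contiguous seconds. Any non-zero advertisement resets the timer."""
    zero_since = None
    for s in trace:
        if s.window == 0:
            if zero_since is None:
                zero_since = s.t
            elif s.t - zero_since >= timeout:
                return True
        else:
            zero_since = None
    return False


def progress_based_abort(trace: List[Sample], timeout: float = 60.0,
                         min_bytes: int = 1024) -> bool:
    """Abort when fewer than `min_bytes` are acknowledged across any span of
    at least `timeout` seconds, regardless of what window values were advertised.
    Assumes the sender had data queued throughout (true for these traces)."""
    for i, start in enumerate(trace):
        for later in trace[i + 1:]:
            if later.t - start.t < timeout:
                continue
            # First sample at least `timeout` seconds after `start`. `acked` is
            # monotone, so if progress is sufficient here it is sufficient for
            # every later sample too; no need to keep scanning from this start.
            if later.acked - start.acked < min_bytes:
                return True
            break
    return False


# Constructed traces. Times in seconds, windows and ACK counters in bytes.

# A receiver that genuinely stalls for 30 s, then reopens and keeps consuming.
HONEST_STALL = [
    Sample(0, 65535, 0), Sample(10, 0, 100_000), Sample(20, 0, 100_000),
    Sample(40, 65535, 100_000), Sample(50, 65535, 300_000), Sample(70, 65535, 600_000),
]

# A peer that advertises a window of 1 and accepts a byte at a time.
WINDOW_ONE = [
    Sample(0, 65535, 0), Sample(10, 1, 100_000), Sample(30, 1, 100_002),
    Sample(60, 1, 100_005), Sample(90, 1, 100_008), Sample(120, 1, 100_011),
]

# A peer that opens a 10-byte window every 50 s, just inside a 60 s zero-window timer.
OSCILLATING = [
    Sample(0, 65535, 0), Sample(10, 0, 100_000), Sample(55, 10, 100_000),
    Sample(60, 0, 100_010), Sample(105, 10, 100_010), Sample(110, 0, 100_020),
    Sample(155, 10, 100_020), Sample(160, 0, 100_030),
]


def evaluate_all() -> dict:
    """Run both heuristics over every trace; keys are (trace name, heuristic name)."""
    traces = {"honest_stall": HONEST_STALL, "window_one": WINDOW_ONE,
              "oscillating": OSCILLATING}
    results = {}
    for name, trace in traces.items():
        results[(name, "naive")] = naive_zero_window_abort(trace)
        results[(name, "progress")] = progress_based_abort(trace)
    return results


if __name__ == "__main__":
    for (trace_name, heuristic), aborted in sorted(evaluate_all().items()):
        print(f"{trace_name:13s} {heuristic:9s} abort={aborted}")
```

With a 60 s timeout the contiguous-zero-window timer never fires on the window-of-1 trace or the oscillating trace, because neither ever sits at zero for the full interval, which is exactly the weakness the message points out. The progress-based check aborts both while leaving the honest stall alone, because the honest receiver acknowledges hundreds of kilobytes once it reopens. The price is the `min_bytes` threshold: set it too high and a legitimately slow receiver on a congested path gets aborted, so a real implementation would have to pick it relative to the connection's own observed throughput rather than a fixed constant.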





_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm