Re: [tcpm] DoS attack from misbehaving receivers
David Malone <David.Malone@nuim.ie> Sat, 13 January 2007 10:59 UTC
To: Caitlin Bestler <caitlinb@broadcom.com>
Subject: Re: [tcpm] DoS attack from misbehaving receivers
In-Reply-To: Your message of "Fri, 12 Jan 2007 17:05:20 PST." <54AD0F12E08D1541B826BE97C98F99F1025E8B@NT-SJCA-0751.brcm.ad.broadcom.com>
From: David Malone <David.Malone@nuim.ie>
Date: Sat, 13 Jan 2007 10:52:37 +0000
Cc: tcpm@ietf.org

> Documenting the attack is definitely a good idea, and I agree
> that it is essentially a blind ack attack (even though it is a
> partial blindness, since *some* of the send segments reach
> the attacker).

Yes - indeed. This is kind of important, because it means that the
defences currently described in draft-azcorra-tcpm-tcp-blind-ack-dos
will not be effective.

> Single flows of over 10 Mbits being sent to a stranger over
> the wide internet can be easily flagged at many different
> layers.

Sometimes this is not so easy - some people want to ship 10Mbps
streams to those that can receive them but do not want to send them
to people for whom it will cause congestion (for example, people
providing mirror services).

I guess it could be flagged by the network, but few people want
routers to send source quench messages any more ;-) To me it seems
natural to address this at the TCP layer because it is essentially
an attack on TCP's congestion control mechanism.

> Keep in mind that *any* form of rate shaping will severely
> impact this attack because the attacker will no longer be able
> to predict the timing of tcp sequences.

There's no prediction involved in the attack that we were demoing -
it is entirely deterministic. We just send an ACK for every packet
we get, providing the sequence number is higher than the previous
ACK that we sent.

	David.
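
The following is an added illustration, not code from this thread or from the demo the message mentions: a toy round-based model of what a sender's congestion control sees from a standard cumulative-ACK receiver versus a receiver following the ACK rule described above. The additive-increase/halve-on-loss sender, the bottleneck that spreads drops across a round, the segment-numbered ACKs and all names are assumptions made for the model.

```python
# Toy model (assumed, simplified): one "round" is one RTT, sequence numbers
# count whole segments, and the sender uses additive increase / halve on loss.

def bottleneck(segs, cap):
    """Forward at most `cap` segments per round, spreading drops over the round."""
    n = len(segs)
    if n <= cap:
        return list(segs)
    return [s for i, s in enumerate(segs) if (i + 1) * cap // n > i * cap // n]

def honest_acks(received, expected):
    """Standard cumulative ACK: the ACK stalls at the first missing segment."""
    buffered, acks = set(), []
    for seq in received:
        buffered.add(seq)
        while expected in buffered:
            expected += 1
        acks.append(expected)          # repeats act as duplicate ACKs
    return acks

def misbehaving_acks(received, last_ack):
    """ACK rule from the message: ACK every arriving packet whose ACK value
    would be higher than the previous ACK sent, regardless of gaps."""
    acks = []
    for seq in received:
        if seq + 1 > last_ack:
            last_ack = seq + 1
            acks.append(last_ack)
    return acks

def simulate(receiver, rounds=40, cap=10):
    """Return the sender's congestion window (in segments) for each round."""
    cwnd, next_seq, history = 1, 0, []
    for _ in range(rounds):
        sent = range(next_seq, next_seq + cwnd)
        acks = receiver(bottleneck(sent, cap), next_seq)
        acked = max(acks, default=next_seq)
        history.append(cwnd)
        if acked < next_seq + cwnd:    # sender infers loss and backs off
            cwnd = max(cwnd // 2, 1)
        else:                          # everything appears delivered
            cwnd += 1
        next_seq = acked               # resume from the cumulative ACK point
    return history

if __name__ == "__main__":
    print("honest     :", simulate(honest_acks))
    print("misbehaving:", simulate(misbehaving_acks))
```

With the honest receiver the window oscillates just above the bottleneck capacity; with the misbehaving receiver the sender never sees a loss signal, so the offered load keeps growing past what the path can carry.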