Re: Summary of responses so far and proposal moving forward [Was Re: [tcpm] Is this a problem?]

Ted Faber <faber@ISI.EDU> Wed, 21 November 2007 22:56 UTC

Date: Wed, 21 Nov 2007 14:54:38 -0800
From: Ted Faber <faber@ISI.EDU>
To: Mahesh Jethanandani <mahesh@cisco.com>
Subject: Re: Summary of responses so far and proposal moving forward [Was Re: [tcpm] Is this a problem?]
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>

Just me, not a chair.

On Wed, Nov 21, 2007 at 02:15:34PM -0800, Mahesh Jethanandani wrote:
> Ted Faber wrote:
> >An attacker who wanted to mount the DoS attack described in the draft
> >could defeat your proposed mitigation by asking for the same large
> >window and then draining it slowly rather than simply holding the zero
> >window.  The draft mentions that the silly window avoidance makes this
> >difficult, but it just requires the attacker to ACK an MSS worth of data
> >less frequently than if they read a single byte
> This is a *proposed* solution. This is not a solution that we want to 
> standardize on. I am sure with bright minds on this list we can come up 
> with better solutions to the problem and I am fine with that.
> 
> To answer your question, yes, they could. That situation is no different 
> from a connection that is slow but is making progress. In fact at that 
> point it is not a persist connection. It is not advertising zero window. 
> We are specifically concerned about connections that take advantage of 
> RFC 1122 verbiage to keep the connection in persist state.

It seems to me that this is the same attack that motivated your defense,
just made *slightly* trickier.  To the owner of the attacked server
there's not much difference in the result.

I'm not thrilled to standardize something so easy to work around.  I
suspect that something hard to work around would be too complex and
application-dependent to standardize into TCP.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG