TCP Congestion Control with a Misbehaving Receiver

From: Jing Su <jingsu_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Wed, 26 Oct 2005 18:01:36 -0400

This paper explores several techniques by which receiver(s) can
misbehave in a way which gives them a disproportionate amount of
resources. These exploits are possible due to the trusting
environment in which TCP was developed, leading to implementations
which can be taken advantage of.

The first attack, ACK division, is solved by simply ensuring ACKs land
on segment boundaries. As the paper mentioned, this is done in Linux
2.2. The two other exploits, DupAck and OptAck, attempt to grow the
sender's cwnd by exploiting that ACKs carry no authentication token
against the data they are acking.

For the two latter problems, the authors suggest using a nonce by
adding fields to the TCP header. While their suggestion works and is
valid, I believe it is not in widespread use (at least as far as I
know) because an even simpler solution exists: traffic shaping. If a
sender "cheats" by increasing the speed at which it reaches its
stable-state bandwidth, fine. Traffic shapers can still prevent them
from taking more than their share or preventing others from receiving
service.

On the other hand, I have found RFCs (dated circa 2003) for both
byte-granularity cwnd increases for ACKs as well as nonce options to
prevent malicious cwnd growth. Maybe we'll see these implementations come
about sometime in the future (I don't know how fast or slow the RFC
adoption process is). Also, I wonder (though doubtful) if these problems
have carried over to IPv6.
Received on Wed Oct 26 2005 - 18:01:51 EDT
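
The message above names two sender-side defenses against ACK division: growing cwnd only for ACKs on segment boundaries, and byte-granularity cwnd increases. The following toy slow-start model is an added example, not code from the post or the paper, comparing both with a sender that adds one segment per ACK. The 1460-byte SMSS, the two-segment initial window, ISN 0 and all identifiers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define SMSS 1460u /* assumed sender maximum segment size, in bytes */

enum ack_policy {
    PER_ACK,       /* trusting sender: each ACK of new data adds one SMSS */
    SEGMENT_BOUND, /* add one SMSS only when the ACK lands on a segment boundary */
    BYTE_COUNT     /* add exactly the number of bytes newly acknowledged */
};

/* Sender cwnd in bytes after `rtts` loss-free slow-start round trips, when the
 * receiver acknowledges every segment in `acks_per_segment` pieces
 * (1 = well-behaved). Assumes ISN 0 and an initial window of 2 * SMSS. */
uint32_t slow_start_cwnd(enum ack_policy policy, uint32_t acks_per_segment,
                         unsigned rtts)
{
    uint32_t cwnd = 2 * SMSS, snd_una = 0;
    for (unsigned r = 0; r < rtts; r++) {
        uint32_t segments = cwnd / SMSS; /* flight size fixed at start of RTT */
        for (uint32_t s = 0; s < segments; s++) {
            uint32_t seg_start = snd_una;
            for (uint32_t a = 1; a <= acks_per_segment; a++) {
                uint32_t ack = (a == acks_per_segment)
                    ? seg_start + SMSS
                    : seg_start + a * (SMSS / acks_per_segment);
                uint32_t newly_acked = ack - snd_una;
                if (newly_acked == 0)
                    continue; /* no new data covered: not a cwnd event here */
                snd_una = ack;
                if (policy == PER_ACK)
                    cwnd += SMSS;
                else if (policy == SEGMENT_BOUND && ack % SMSS == 0)
                    cwnd += SMSS;
                else if (policy == BYTE_COUNT)
                    cwnd += newly_acked;
            }
        }
    }
    return cwnd;
}

int main(void)
{
    static const char *name[] = { "per-ACK", "segment-boundary", "byte-count" };
    for (int p = PER_ACK; p <= BYTE_COUNT; p++)
        printf("%-17s honest=%u split10=%u\n", name[p],
               (unsigned)slow_start_cwnd((enum ack_policy)p, 1, 3),
               (unsigned)slow_start_cwnd((enum ack_policy)p, 10, 3));
}
```

With ten partial ACKs per segment, the per-ACK sender reaches 2662 segments of cwnd after three round trips, while both defenses hold it at the same 16 segments a well-behaved receiver would produce.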
