This paper explains how the vulnerabilities in TCP, originally designed
for a cooperative environment, can be exploited by a receiver to
arbitrarily increase a sender’s rate. The receiver would benefit from
that at the expense of other users, by consuming a lot of bandwidth.
This paper clearly outlines three attacks and proposes some fixes which
could be used against these attacks.
The paper gives very good insight on TCP attacks that could be carried
out against TCP implementations in 1999. Since the attacker can
arbitrarily increase its receiving rate by writing small hacks (tens of
lines of code) in the TCP implementation of an open source operating
system like Linux, this problem is important.
However, to disrupt the Internet, this would have to be a widely
deployed attack (and/or receivers will need to have high bandwidth
connectivity to the Internet to cause significant damage). I am also not
sure how many people will hack their OS unless some attackers make the
code publicly available. There is also a risk of the inexperienced
attacker DoS-ing himself if the sender is sending more than the receiver
can take. The solution they propose is not a very attractive one since
it only states the obvious. Re-engineer the TCP protocol!
This paper was published in 1999 and it would be interesting to know how
many newer TCP implementations have somehow prevented this kind of
attack to happen and what strategy they used. I believe that none of the
current TCP implementations use nonces in their header, and it would
therefore be interesting to see different, potentially more insightful
solutions.
Received on Sun Oct 30 2005 - 13:00:25 EST
This archive was generated by hypermail 2.2.0 : Sun Oct 30 2005 - 20:50:21 EST