[CSC2231] Paper Review: Sting: a TCP-based Network Measurement Tool

From: Kenneth Po <kpo_REMOVE_THIS_FROM_EMAIL_FIRST_at_eecg.toronto.edu>
Date: Mon, 31 Oct 2005 04:12:20 -0500

Sting is a tool that measures the loss rate between two hosts in a WAN,
such as the Internet, by exploiting some TCP characteristics. By
constructing data packets with carefully chosen sequence numbers, both
the forward and the reverse transmission loss rates can be derived by
examining the acknowledgments returned. The author applies this tool
against a number of Internet web hosts. Although there's no mention of
the correctness of the tool, the tool does find that the reverse loss
rate is higher than the forward loss rate.

This work is certainly interesting because of the techniques it uses to
exploit TCP and its finding of asymmetric loss rates between Internet
hosts. I think the author should give a more in-depth explanation of why
the reverse loss rate is sufficiently higher than the forward loss rate.
I suspect it is possible that one of Sting's workarounds causes a
timeout at the remote host, hence dropping some packets.

The workarounds used in Sting can be useful DoS techniques if they are
not handled properly. The techniques described in section 4 consume TCP
buffer, network bandwidth, and web server buffer respectively. While
probing a target host once every ten minutes is not going to cause a
problem, I think continuous probing with Sting using a couple of hosts
may be sufficient to bring down a target host.

I believe Sting does not follow the TCP congestion control protocol
strictly when probing. This makes me wonder what will happen if it
encounters a misbehaving receiver, especially one spoofing
duplicate acknowledgments. Probably this connection will have a larger
ackReceived than ackSent, giving a negative loss rate.
Received on Mon Oct 31 2005 - 04:12:29 EST