[e2e] TCP DoS by manipulating flow-control with fake ACKs?
Neil Spring
nspring at cs.washington.edu
Mon Aug 12 10:47:08 PDT 2002
On Mon, Aug 12, 2002 at 06:57:48PM +0200, Luke Gorrie wrote:
> I'm wondering if there's any literature or folklore about
> denial-of-service attacks based on manipulating TCP flow control
> information to make a remote host waste all of its bandwidth. What I
http://www-cse.ucsd.edu/~savage/papers/CCR99.pdf
http://www-cse.ucsd.edu/~savage/papers/ICNP01.pdf
from:
http://www-cse.ucsd.edu/~savage/pubs.htm
enjoy,
-neil
On Mon, Aug 12, 2002 at 06:57:48PM +0200, Luke Gorrie wrote:
> Ahoy,
> I'm wondering if there's any literature or folklore about
> denial-of-service attacks based on manipulating TCP flow control
> information to make a remote host waste all of its bandwidth. What I
> have in mind is rapidly generating TCP ACKs for data that you haven't
> received but predict has been sent, to create the illusion that you
> are receiving packets extremely fast and that none are being lost.
> For example:
> 1. Connect to a webserver and start downloading a large file.
> 2. Send ACKs as rapidly as possible, incrementing the acknowledged
> sequence number by K*MSS each time for some constant K.
> 3. Start again after you get a FIN, RST, etc.
> It looks to me like the remote host might reasonably respond with K
> full-size segments to every small ACK you send it, independent of any
> downstream congestion, and thus run out of resources.
> I'd be greateful for any references or other information.
> Cheers!
> Luke
More information about the end2end-interest
mailing list