
Re: Fwd: Minutes / Notes



Pekka Nikander;

> > Assuming that there are no packet losses and that the attacker
> > sends acks slowly enough, maybe.
> 
> The attacker doesn't need to send the acks very slowly. See

Yes, it does.

> Stefan Savage, Neal Cardwell, David Wetherall, and Tom Anderson,
> "TCP Congestion Control with a Misbehaving Receiver",
> CCR, 1999.
> 
> Note especially that after some initial data stream,
> the attacker can ignore incoming data (attack 3).

Wrong.

As the paper says:

	Moreover, if an ACK arrives for data that has not yet
	been sent, this is generally ignored by the sending TCP

the attacker must be able to know the current sequence number of
a sender and reply ACKs with a sequence number a little more
than that, or the ACKs are ignored.

That is, the attacker should send ACKs slowly enough not to
exceed the sequence number currently used by the sender.

						Masataka Ohta
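
The sender-side check the thread is arguing about, as an added example that is not part of the original message or of the cited paper: a cumulative ACK advances the send window only when SND.UNA < ACK <= SND.NXT (the RFC 793 rule), compared modulo 2^32. The struct, function names and sample values are hypothetical and constructed for illustration; the ACK that RFC 793 has the sender emit in response to an ACK for unsent data is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sender state; field names follow RFC 793 (SND.UNA, SND.NXT). */
struct snd_state {
    uint32_t una;  /* oldest unacknowledged sequence number */
    uint32_t nxt;  /* next sequence number to be sent */
};

enum ack_verdict { ACK_ACCEPTED, ACK_DUPLICATE, ACK_IGNORED_UNSENT };

/* Sequence numbers are modulo 2^32: compare by signed difference. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* Classify one cumulative ACK and advance SND.UNA only when it is valid. */
enum ack_verdict process_ack(struct snd_state *s, uint32_t ack)
{
    if (seq_lt(s->nxt, ack))      /* acknowledges data not yet sent */
        return ACK_IGNORED_UNSENT;
    if (seq_leq(ack, s->una))     /* nothing new acknowledged */
        return ACK_DUPLICATE;
    s->una = ack;                 /* SND.UNA < ack <= SND.NXT */
    return ACK_ACCEPTED;
}

int main(void)
{
    /* Constructed state: 0x200 bytes in flight across the 2^32 wrap. */
    struct snd_state s = { 0xFFFFFF00u, 0x00000100u };
    /* Constructed ACK numbers, not captured traffic. */
    const uint32_t acks[] = { 0x00000080u, 0x00000101u, 0xFFFFFF80u, 0x00000100u };
    static const char *names[] = { "accepted", "duplicate", "ignored (unsent data)" };

    for (size_t i = 0; i < sizeof acks / sizeof acks[0]; i++) {
        enum ack_verdict v = process_ack(&s, acks[i]);
        printf("ack=0x%08x -> %s, SND.UNA=0x%08x\n",
               (unsigned)acks[i], names[v], (unsigned)s.una);
    }
    return 0;
}
```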