DoS vulnerability of TCP by acknowledging not received segments
draft-azcorra-tsvwg-tcp-blind-ack-dos-00

Document Type Expired Internet-Draft (individual)
Last updated 2004-02-05
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-azcorra-tsvwg-tcp-blind-ack-dos-00.txt

Abstract

TCP relies in communication peers to implement congestion control by hosts voluntary limiting their own data rate. Nevertheless this assumption introduces unsolved DoS attack opportunities. A DoS attack can be easily performed by a host that acknowledges TCP segments not yet received (maybe even not sent). This document presents and briefly describes the problem, already identified and pointed before, but also shows than it can be easily performed (with very interesting results) and proposes some server-side modifications to TCP stack in order to make this attack more dificult to perform.

Authors

Arturo Azcorra (azcorra@it.uc3m.es)
Carlos Bernardos (cjbc@it.uc3m.es)
Ignacio Soto (isoto@it.uc3m.es)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)