DoS vulnerability of TCP by acknowledging not received segments

Document Type Expired Internet-Draft (individual)
Authors Arturo Azcorra  , Carlos Bernardos  , Ignacio Soto 
Last updated 2004-02-05
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


TCP relies in communication peers to implement congestion control by hosts voluntary limiting their own data rate. Nevertheless this assumption introduces unsolved DoS attack opportunities. A DoS attack can be easily performed by a host that acknowledges TCP segments not yet received (maybe even not sent). This document presents and briefly describes the problem, already identified and pointed before, but also shows than it can be easily performed (with very interesting results) and proposes some server-side modifications to TCP stack in order to make this attack more dificult to perform.


Arturo Azcorra (
Carlos Bernardos (
Ignacio Soto (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)