[Iccrg] review of Compound TCP draft

Lachlan Andrew lachlan.andrew at gmail.com
Wed Nov 21 20:52:30 GMT 2007


Greetings Murari

On 21/11/2007, Murari Sridharan <muraris at microsoft.com> wrote:
> "One thought, that might be fruitless:  Given the delay-based component,
> is CTCP increasingly vulnerable to ACK-spoofing attacks in comparison
> to normal TCP?"
>
> Can you clarify the exact attack here. Are you suggesting that if somebody (in the middle) can inject ACKs in the window it might make things worse since our RTT samples are skewed to be much smaller and as a result we might increase aggressively thinking there is no congestion? If so why is this a problem only to delay based algorithms I think any high-speed algorithm that is ack clocked is equally vulnerable.

I think Wes's concern is that the algorithm might be fooled into
thinking there is less queueing delay, and hence increase the window
faster.  Purely loss-based algorithm will not increase their windows
faster based on their estimate of the queueing, and so are less
sensitive.  (Of course, proxies which reduce the RTT can still
increase the throughput of loss-based algorithms.)

I think that the algorithm is OK, because spoofing ACKs is likely to
make the estimated *base* RTT lower, which makes *all* other delays
seem to be delayed.  Thus an attacker would be likely to get a lower
overall rate by spoofing ACKs.  It is a good point and should be
mentioned in the draft as a point for investigation, since my "thought
experiment" is not conclusive.

Cheers,
Lachlan

-- 
Lachlan Andrew  Dept of Computer Science, Caltech
1200 E California Blvd, Mail Code 256-80, Pasadena CA 91125, USA
Ph: +1 (626) 395-8820    Fax: +1 (626) 568-3603
http://netlab.caltech.edu/~lachlan



More information about the Iccrg mailing list