[Iccrg] review of Compound TCP draft

Douglas Leith Doug.Leith at nuim.ie
Wed Nov 21 21:10:49 GMT 2007


How about if the spoofing makes the base delay look higher, e.g. by
tinkering with TCP timestamps? Would that mean the estimated queue
delay would be too low and so make a flow more aggressive?

Doug

Hamilton Institute
www.hamilton.ie

On 21 Nov 2007, at 20:52, Lachlan Andrew wrote:

> Greetings Murari
>
> On 21/11/2007, Murari Sridharan <muraris at microsoft.com> wrote:
>> "One thought, that might be fruitless:  Given the delay-based component,
>> is CTCP increasingly vulnerable to ACK-spoofing attacks in comparison
>> to normal TCP?"
>>
>> Can you clarify the exact attack here? Are you suggesting that if
>> somebody (in the middle) can inject ACKs in the window, it might make
>> things worse since our RTT samples are skewed to be much smaller and,
>> as a result, we might increase aggressively thinking there is no
>> congestion? If so, why is this a problem only to delay-based
>> algorithms? I think any high-speed algorithm that is ACK-clocked is
>> equally vulnerable.
>
> I think Wes's concern is that the algorithm might be fooled into
> thinking there is less queueing delay, and hence increase the window
> faster.  Purely loss-based algorithms will not increase their windows
> faster based on their estimate of the queueing, and so are less
> sensitive.  (Of course, proxies which reduce the RTT can still
> increase the throughput of loss-based algorithms.)
>
> I think that the algorithm is OK, because spoofing ACKs is likely to
> make the estimated *base* RTT lower, which makes *all* other delays
> seem to be delayed.  Thus an attacker would be likely to get a lower
> overall rate by spoofing ACKs.  It is a good point and should be
> mentioned in the draft as a point for investigation, since my "thought
> experiment" is not conclusive.
>
> Cheers,
> Lachlan
>
> -- 
> Lachlan Andrew  Dept of Computer Science, Caltech
> 1200 E California Blvd, Mail Code 256-80, Pasadena CA 91125, USA
> Ph: +1 (626) 395-8820    Fax: +1 (626) 568-3603
> http://netlab.caltech.edu/~lachlan
>
> _______________________________________________
> Iccrg mailing list
> Iccrg at cs.ucl.ac.uk
> http://oakham.cs.ucl.ac.uk/mailman/listinfo/iccrg
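
The two directions of base-RTT error raised in this thread (the too-low case in Lachlan's thought experiment and the too-high case in Doug's question), worked through numerically as an added example that is not part of the original message or the CTCP draft. It assumes the backlog estimate diff = (win/baseRTT - win/RTT) * baseRTT and the parameter values shown; the function names, the back-off gain and the scenario numbers are constructed for illustration.

```python
# Added illustration (not from the thread or the CTCP draft): how a
# Vegas/CTCP-style backlog estimate reacts to an error in the base RTT.
# The formula and the parameter values below are assumptions.
GAMMA = 30.0   # packets; backlog threshold (assumed default)
ALPHA = 0.125  # assumed default
K = 0.75       # assumed default
ZETA = 1.0     # assumed; illustrative back-off gain

def backlog(win, base_rtt, rtt):
    """diff = (win/baseRTT - win/RTT) * baseRTT, in packets."""
    return (win / base_rtt - win / rtt) * base_rtt

def next_dwnd(dwnd, win, base_rtt, rtt):
    """One per-RTT update of the delay window from the backlog estimate."""
    diff = backlog(win, base_rtt, rtt)
    if diff < GAMMA:                          # path looks uncongested: grow
        return dwnd + max(ALPHA * win ** K - 1.0, 0.0)
    return max(dwnd - ZETA * diff, 0.0)       # early congestion: back off

def masking_threshold(win, rtt):
    """Base-RTT estimate above which diff falls below GAMMA."""
    return rtt * (1.0 - GAMMA / win)

def plausible(base_rtt, rtt):
    """A base RTT above the measured RTT implies a negative queue."""
    return base_rtt <= rtt

def sweep(win=300.0, dwnd=100.0, true_base=100.0, rtt=120.0,
          factors=(0.8, 1.0, 1.15, 1.3)):
    """Constructed scenario: 100 ms path carrying 20 ms of queueing."""
    rows = []
    for f in factors:
        est = true_base * f                   # biased base-RTT estimate
        rows.append((f, round(backlog(win, est, rtt), 1),
                     round(next_dwnd(dwnd, win, est, rtt), 1),
                     plausible(est, rtt)))
    return rows

if __name__ == "__main__":
    for row in sweep():
        print("bias x%.2f  diff=%6.1f pkts  dwnd->%6.1f  plausible=%s" % row)
    print("congestion masked above %.1f ms" % masking_threshold(300.0, 120.0))
```

In this model an underestimated base RTT inflates the backlog estimate and empties the delay window, while an overestimate beyond the threshold hides real queueing; an estimate above the measured RTT fails the plausibility check outright.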



