http://www.cs.washington.edu/homes/savage/papers/CCR99.pdf

The above research paper ("TCP Congestion Control with a Misbehaving
Receiver") describes some apparent bugs in the description of TCP congestion
control in RFC 2581. The authors' rogue Linux client exploits these bugs to
effectively bypass TCP congestion control, sucking up all available
bandwidth. They successfully convince the sending servers to send all (but
the first few segments) in a single burst of data.

Their first exploit is ACK Division. During slow start, the rogue receiver
ACKs each byte of the received packet individually, causing the sender to
grow its congestion window much faster than usual.

Their second exploit is Duplicate ACK Spoofing. The rogue receiver sends a
long stream of duplicate ACKs for the last sequence number received. This
causes the sender to enter fast recovery mode and send new packets at a
rate proportional to the rate at which the receiver is sending duplicate ACKs.

Their third exploit is Optimistic ACKing. The rogue receiver sends ACKs for
packets that it has not yet received. This confuses the sender's round-trip
time calculations, causing it to send packets very rapidly.

The paper says that FreeBSD 3 is vulnerable to all three exploits. Is this
still the case for FreeBSD 4 and 5? Or are these "attacks" purely academic?
For comparison, the paper says that Linux 2.0 and Windows NT 4 are immune to
Duplicate ACK Spoofing and Linux 2.2 is immune to ACK Division.


chris
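To make the ACK Division case concrete, here is an added simulation (not from the paper or the post above) of a sender's slow-start window under the two accounting rules: the RFC 2581 "one SMSS per ACK" increase, and the byte-counting fix the paper proposes (the sender grows cwnd only by the number of new bytes an ACK actually covers, capped at one SMSS per ACK here as a conservative assumption). The segment size and round model are assumptions made for the example; the point shown is that byte counting makes the window grow exactly as it does for a well-behaved receiver, no matter how finely ACKs are divided.

```python
# Simulation of slow-start cwnd growth with and without byte counting.
# This is an added illustration, not code from the paper or from FreeBSD.

SMSS = 1460  # sender maximum segment size in bytes (assumed value)


def slow_start_after_acks(acked_bytes, cwnd=SMSS, byte_counting=False):
    """Return cwnd (bytes) after processing ACKs during slow start.

    acked_bytes[i] is the number of NEW bytes acknowledged by ACK i.
    RFC 2581 rule: every ACK of new data adds one SMSS to cwnd.
    Byte-counting rule: add only the bytes newly acknowledged, at most SMSS.
    Duplicate ACKs (0 new bytes) never grow the window in slow start.
    """
    for newly_acked in acked_bytes:
        if newly_acked <= 0:
            continue  # duplicate ACK: ignored by slow start
        if byte_counting:
            cwnd += min(newly_acked, SMSS)
        else:
            cwnd += SMSS
    return cwnd


def acks_for_segment(segment_bytes, pieces):
    """Model how one segment is acknowledged: pieces=1 is the normal single
    cumulative ACK; pieces>1 is the divided ACK stream the paper describes."""
    base, rem = divmod(segment_bytes, pieces)
    return [base + (1 if i < rem else 0) for i in range(pieces)]


def cwnd_after_rounds(rounds, pieces=1, byte_counting=False):
    """Run `rounds` RTTs of slow start: each round the sender sends cwnd worth
    of full segments and the receiver ACKs each one in `pieces` parts."""
    cwnd = SMSS
    for _ in range(rounds):
        segments = cwnd // SMSS
        acks = []
        for _ in range(segments):
            acks.extend(acks_for_segment(SMSS, pieces))
        cwnd = slow_start_after_acks(acks, cwnd, byte_counting)
    return cwnd


if __name__ == "__main__":
    # Normal receiver: cwnd doubles each round (8 segments after 3 rounds).
    print("normal:", cwnd_after_rounds(3) // SMSS)
    # Divided ACKs without byte counting: cwnd triples each round.
    print("divided, RFC 2581:", cwnd_after_rounds(3, pieces=2) // SMSS)
    # Divided ACKs with byte counting: growth is back to doubling.
    print("divided, byte counting:", cwnd_after_rounds(3, 2, True) // SMSS)
```

The per-byte case the post describes (pieces equal to the segment size) shows the difference starkly: one round gives the RFC 2581 sender a window of 1461 segments, while the byte-counting sender ends at the usual 2.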
