Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse

View/ Open
Date
2005-11-15Author
Sherwood, Rob
Bhattacharjee, Bobby
Braud, Ryan
Metadata
Show full item recordAbstract
An "optimistic" acknowledgment (OptAck) is an acknowledgment
sent by a misbehaving client for a data segment that it has not
received. Whereas previous work has focused on OptAck as a means to
greedily improve end-to-end performance, we study OptAck exclusively
as a denial of service attack. Specifically, an attacker sends
optimistic acknowledgments to many victims in parallel, thereby
amplifying its effective bandwidth by a factor of 30 million (worst
case). Thus, even a relatively modest attacker can totally saturate
the paths from many victims back to the attacker. Worse, a
distributed network of compromised machines (``zombies'') can exploit
this attack in parallel to bring about wide-spread, sustained
congestion collapse.
We implement this attack both in simulation and in a wide-area
network, and show it severity both in terms of number of packets and
total traffic generated. We engineer and implement a novel solution
that does not require client or network modifications allowing for
practical deployment. Additionally, we demonstrate the solution's
efficiency on a real network.