Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse

Abstract

An "optimistic" acknowledgment (OptAck) is an acknowledgment sent by a misbehaving client for a data segment that it has not received. Whereas previous work has focused on OptAck as a means to greedily improve end-to-end performance, we study OptAck exclusively as a denial of service attack. Specifically, an attacker sends optimistic acknowledgments to many victims in parallel, thereby amplifying its effective bandwidth by a factor of 30 million (worst case). Thus, even a relatively modest attacker can totally saturate the paths from many victims back to the attacker. Worse, a distributed network of compromised machines (``zombies'') can exploit this attack in parallel to bring about wide-spread, sustained congestion collapse. We implement this attack both in simulation and in a wide-area network, and show it severity both in terms of number of packets and total traffic generated. We engineer and implement a novel solution that does not require client or network modifications allowing for practical deployment. Additionally, we demonstrate the solution's efficiency on a real network.